An issue was discovered in GNOME GLib before 2.66.8. When g_file_replace() is used with G_FILE_CREATE_REPLACE_DESTINATION to replace a path that is a dangling symlink, it incorrectly also creates the target of the symlink as an empty file, which could conceivably have security relevance if the symlink is attacker-controlled. (If the path is a symlink to a file that already exists, then the contents of that file correctly remain unchanged.)
References
Link | Resource |
---|---|
https://gitlab.gnome.org/GNOME/glib/-/issues/2325 | Exploit Issue Tracking Patch Vendor Advisory |
https://lists.debian.org/debian-lts-announce/2022/06/msg00006.html | Mailing List Third Party Advisory |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6RXTD5HCP2K4AAUSWWZTBKQNHRCTAEOF/ | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ICUTQPHZNZWX2DZR46QFLQZRHVMHIILJ/ | |
https://security.gentoo.org/glsa/202107-13 | Third Party Advisory |
https://security.netapp.com/advisory/ntap-20210416-0003/ | Third Party Advisory |
Configurations
History
07 Nov 2023, 03:32
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
03 Feb 2023, 15:02
Type | Values Removed | Values Added |
---|---|---|
First Time |
Debian
Broadcom brocade Fabric Operating System Firmware Debian debian Linux Broadcom |
|
References | (MLIST) https://lists.debian.org/debian-lts-announce/2022/06/msg00006.html - Mailing List, Third Party Advisory | |
CPE | cpe:2.3:o:broadcom:brocade_fabric_operating_system_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* |
06 Jun 2022, 17:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
20 May 2022, 20:48
Type | Values Removed | Values Added |
---|---|---|
References |
|
22 Apr 2021, 19:29
Type | Values Removed | Values Added |
---|---|---|
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ICUTQPHZNZWX2DZR46QFLQZRHVMHIILJ/ - Mailing List, Third Party Advisory | |
References | (CONFIRM) https://security.netapp.com/advisory/ntap-20210416-0003/ - Third Party Advisory |
19 Apr 2021, 20:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
16 Apr 2021, 11:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
25 Mar 2021, 16:44
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 5.0
v3 : 5.3 |
22 Mar 2021, 17:34
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 5.8
v3 : 7.1 |
22 Mar 2021, 13:41
Type | Values Removed | Values Added |
---|---|---|
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6RXTD5HCP2K4AAUSWWZTBKQNHRCTAEOF/ - Mailing List, Third Party Advisory | |
References | (MISC) https://gitlab.gnome.org/GNOME/glib/-/issues/2325 - Exploit, Issue Tracking, Patch, Vendor Advisory | |
CPE | cpe:2.3:a:gnome:glib:*:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : 3.6
v3 : 7.1 |
CWE | CWE-59 |
22 Mar 2021, 03:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
11 Mar 2021, 22:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-03-11 22:15
Updated : 2023-12-10 13:41
NVD link : CVE-2021-28153
Mitre link : CVE-2021-28153
CVE.ORG link : CVE-2021-28153
JSON object : View
Products Affected
gnome
- glib
debian
- debian_linux
broadcom
- brocade_fabric_operating_system_firmware
fedoraproject
- fedora
CWE
CWE-59
Improper Link Resolution Before File Access ('Link Following')