A flaw was found in glib before version 2.63.6. Due to random charset alias, pkexec can leak content from files owned by privileged users to unprivileged ones under the right condition.
References
Link | Resource |
---|---|
https://access.redhat.com/security/cve/CVE-2021-3800 | Third Party Advisory |
https://bugzilla.redhat.com/show_bug.cgi?id=1938284 | Issue Tracking Patch Third Party Advisory |
https://gitlab.gnome.org/GNOME/glib/-/commit/3529bb4450a51995 | Patch Vendor Advisory |
https://lists.debian.org/debian-lts-announce/2022/09/msg00020.html | Mailing List Third Party Advisory |
https://security.netapp.com/advisory/ntap-20221028-0004/ | Third Party Advisory |
https://www.openwall.com/lists/oss-security/2017/06/23/8 | Exploit Mailing List Patch Third Party Advisory |
Configurations
History
10 Apr 2023, 15:39
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.5 |
07 Dec 2022, 02:31
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:* | |
References | (CONFIRM) https://security.netapp.com/advisory/ntap-20221028-0004/ - Third Party Advisory | |
First Time |
Netapp active Iq Unified Manager
Netapp |
28 Oct 2022, 17:15
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-200 | |
References |
|
01 Oct 2022, 02:33
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* | |
First Time |
Debian debian Linux
Debian |
|
References | (MLIST) https://lists.debian.org/debian-lts-announce/2022/09/msg00020.html - Mailing List, Third Party Advisory |
15 Sep 2022, 15:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
30 Aug 2022, 15:39
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:gnome:glib:*:*:*:*:*:*:*:* | |
CWE | CWE-552 | |
First Time |
Gnome glib
Gnome |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
References | (MISC) https://www.openwall.com/lists/oss-security/2017/06/23/8 - Exploit, Mailing List, Patch, Third Party Advisory | |
References | (MISC) https://gitlab.gnome.org/GNOME/glib/-/commit/3529bb4450a51995 - Patch, Vendor Advisory | |
References | (MISC) https://access.redhat.com/security/cve/CVE-2021-3800 - Third Party Advisory | |
References | (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1938284 - Issue Tracking, Patch, Third Party Advisory |
23 Aug 2022, 17:04
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-08-23 16:15
Updated : 2023-12-10 14:35
NVD link : CVE-2021-3800
Mitre link : CVE-2021-3800
CVE.ORG link : CVE-2021-3800
JSON object : View
Products Affected
netapp
- active_iq_unified_manager
debian
- debian_linux
gnome
- glib