CVE-2021-3800

medium

Description

A flaw was found in glib before version 2.63.6. Due to random charset alias, pkexec can leak content from files owned by privileged users to unprivileged ones under the right condition.

References

https://www.openwall.com/lists/oss-security/2017/06/23/8

https://security.netapp.com/advisory/ntap-20221028-0004/

https://lists.debian.org/debian-lts-announce/2022/09/msg00020.html

https://gitlab.gnome.org/GNOME/glib/-/commit/3529bb4450a51995

https://bugzilla.redhat.com/show_bug.cgi?id=1938284

https://access.redhat.com/security/cve/CVE-2021-3800

Details

Source: Mitre, NVD

Published: 2022-08-23

Updated: 2023-04-25

Risk Information

CVSS v2

Base Score: 4.9

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 5.5

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N