CVE-2021-3800

medium

Description

A flaw was found in glib before version 2.63.6. Due to random charset alias, pkexec can leak content from files owned by privileged users to unprivileged ones under the right condition.

References

Advisories
More

https://security.netapp.com/advisory/ntap-20221028-0004/

https://lists.debian.org/debian-lts-announce/2022/09/msg00020.html

https://bugzilla.redhat.com/show_bug.cgi?id=1938284

https://access.redhat.com/security/cve/CVE-2021-3800

https://www.openwall.com/lists/oss-security/2017/06/23/8

https://gitlab.gnome.org/GNOME/glib/-/commit/3529bb4450a51995

Details

Source: Mitre, NVD

Published: 2022-08-23

Updated: 2023-04-25

Risk Information

CVSS v2

Base Score: 4.9

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 5.5

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N