Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2021-28153

Опубликовано: 10 мар. 2021
Источник: redhat
CVSS3: 5.3
EPSS Низкий

Описание

An issue was discovered in GNOME GLib before 2.66.8. When g_file_replace() is used with G_FILE_CREATE_REPLACE_DESTINATION to replace a path that is a dangling symlink, it incorrectly also creates the target of the symlink as an empty file, which could conceivably have security relevance if the symlink is attacker-controlled. (If the path is a symlink to a file that already exists, then the contents of that file correctly remain unchanged.)

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6firefoxOut of support scope
Red Hat Enterprise Linux 6glib2Out of support scope
Red Hat Enterprise Linux 6thunderbirdOut of support scope
Red Hat Enterprise Linux 7glib2Out of support scope
Red Hat Enterprise Linux 9glib2Not affected
Red Hat Enterprise Linux 8glib2FixedRHSA-2021:438509.11.2021
Red Hat Enterprise Linux 9mingw-glib2FixedRHSA-2022:841815.11.2022

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
Дефект:
CWE-59
https://bugzilla.redhat.com/show_bug.cgi?id=1938291glib: g_file_replace() with G_FILE_CREATE_REPLACE_DESTINATION creates empty target for dangling symlink

EPSS

Процентиль: 67%
0.00528
Низкий

5.3 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2021-28153

CVSS3: 5.3
ubuntu
почти 5 лет назад

An issue was discovered in GNOME GLib before 2.66.8. When g_file_replace() is used with G_FILE_CREATE_REPLACE_DESTINATION to replace a path that is a dangling symlink, it incorrectly also creates the target of the symlink as an empty file, which could conceivably have security relevance if the symlink is attacker-controlled. (If the path is a symlink to a file that already exists, then the contents of that file correctly remain unchanged.)

nvd логотип

CVE-2021-28153

CVSS3: 5.3
nvd
почти 5 лет назад

An issue was discovered in GNOME GLib before 2.66.8. When g_file_replace() is used with G_FILE_CREATE_REPLACE_DESTINATION to replace a path that is a dangling symlink, it incorrectly also creates the target of the symlink as an empty file, which could conceivably have security relevance if the symlink is attacker-controlled. (If the path is a symlink to a file that already exists, then the contents of that file correctly remain unchanged.)

msrc логотип

CVE-2021-28153

CVSS3: 5.3
msrc
больше 4 лет назад

An issue was discovered in GNOME GLib before 2.66.8. When g_file_replace() is used with G_FILE_CREATE_REPLACE_DESTINATION to replace a path that is a dangling symlink it incorrectly also creates the target of the symlink as an empty file which could conceivably have security relevance if the symlink is attacker-controlled. (If the path is a symlink to a file that already exists then the contents of that file correctly remain unchanged.)

debian логотип

CVE-2021-28153

CVSS3: 5.3
debian
почти 5 лет назад

An issue was discovered in GNOME GLib before 2.66.8. When g_file_repla ...

suse-cvrf логотип

SUSE-SU-2023:0174-1

suse-cvrf
почти 3 года назад

Security update for glib2

EPSS

Процентиль: 67%
0.00528
Низкий

5.3 Medium

CVSS3