Описание
An issue was discovered in GNOME GLib before 2.66.8. When g_file_replace() is used with G_FILE_CREATE_REPLACE_DESTINATION to replace a path that is a dangling symlink, it incorrectly also creates the target of the symlink as an empty file, which could conceivably have security relevance if the symlink is attacker-controlled. (If the path is a symlink to a file that already exists, then the contents of that file correctly remain unchanged.)
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | released | 2.56.4-0ubuntu0.18.04.8 |
| devel | not-affected | 2.68.0-1 |
| esm-infra-legacy/trusty | needed | |
| esm-infra/bionic | released | 2.56.4-0ubuntu0.18.04.8 |
| esm-infra/focal | released | 2.64.6-1~ubuntu20.04.3 |
| esm-infra/xenial | released | 2.48.2-0ubuntu4.8 |
| focal | released | 2.64.6-1~ubuntu20.04.3 |
| groovy | released | 2.66.1-2ubuntu0.2 |
| hirsute | not-affected | 2.68.0-1 |
| impish | not-affected | 2.68.0-1 |
Показывать по
EPSS
5 Medium
CVSS2
5.3 Medium
CVSS3
Связанные уязвимости
An issue was discovered in GNOME GLib before 2.66.8. When g_file_replace() is used with G_FILE_CREATE_REPLACE_DESTINATION to replace a path that is a dangling symlink, it incorrectly also creates the target of the symlink as an empty file, which could conceivably have security relevance if the symlink is attacker-controlled. (If the path is a symlink to a file that already exists, then the contents of that file correctly remain unchanged.)
An issue was discovered in GNOME GLib before 2.66.8. When g_file_replace() is used with G_FILE_CREATE_REPLACE_DESTINATION to replace a path that is a dangling symlink, it incorrectly also creates the target of the symlink as an empty file, which could conceivably have security relevance if the symlink is attacker-controlled. (If the path is a symlink to a file that already exists, then the contents of that file correctly remain unchanged.)
An issue was discovered in GNOME GLib before 2.66.8. When g_file_repla ...
EPSS
5 Medium
CVSS2
5.3 Medium
CVSS3