Π›ΠΎΠ³ΠΎΡ‚ΠΈΠΏ exploitDog
Консоль
Π›ΠΎΠ³ΠΎΡ‚ΠΈΠΏ exploitDog

exploitDog

ubuntu Π»ΠΎΠ³ΠΎΡ‚ΠΈΠΏ

CVE-2021-28153

ΠžΠΏΡƒΠ±Π»ΠΈΠΊΠΎΠ²Π°Π½ΠΎ: 11 ΠΌΠ°Ρ€. 2021
Π˜ΡΡ‚ΠΎΡ‡Π½ΠΈΠΊ: ubuntu
ΠŸΡ€ΠΈΠΎΡ€ΠΈΡ‚Π΅Ρ‚: medium
EPSS Низкий
CVSS2: 5
CVSS3: 5.3

ОписаниС

An issue was discovered in GNOME GLib before 2.66.8. When g_file_replace() is used with G_FILE_CREATE_REPLACE_DESTINATION to replace a path that is a dangling symlink, it incorrectly also creates the target of the symlink as an empty file, which could conceivably have security relevance if the symlink is attacker-controlled. (If the path is a symlink to a file that already exists, then the contents of that file correctly remain unchanged.)

Π Π΅Π»ΠΈΠ·Π‘Ρ‚Π°Ρ‚ΡƒΡΠŸΡ€ΠΈΠΌΠ΅Ρ‡Π°Π½ΠΈΠ΅
bionic

released

2.56.4-0ubuntu0.18.04.8
devel

not-affected

2.68.0-1
esm-infra-legacy/trusty

needed

esm-infra/bionic

released

2.56.4-0ubuntu0.18.04.8
esm-infra/focal

released

2.64.6-1~ubuntu20.04.3
esm-infra/xenial

released

2.48.2-0ubuntu4.8
focal

released

2.64.6-1~ubuntu20.04.3
groovy

released

2.66.1-2ubuntu0.2
hirsute

not-affected

2.68.0-1
impish

not-affected

2.68.0-1

ΠŸΠΎΠΊΠ°Π·Ρ‹Π²Π°Ρ‚ΡŒ ΠΏΠΎ

Бсылки Π½Π° источники

EPSS

ΠŸΡ€ΠΎΡ†Π΅Π½Ρ‚ΠΈΠ»ΡŒ: 67%
0.00528
Низкий

5 Medium

CVSS2

5.3 Medium

CVSS3

БвязанныС уязвимости

redhat Π»ΠΎΠ³ΠΎΡ‚ΠΈΠΏ

CVE-2021-28153

CVSS3: 5.3
redhat
ΠΏΠΎΡ‡Ρ‚ΠΈ 5 Π»Π΅Ρ‚ Π½Π°Π·Π°Π΄

An issue was discovered in GNOME GLib before 2.66.8. When g_file_replace() is used with G_FILE_CREATE_REPLACE_DESTINATION to replace a path that is a dangling symlink, it incorrectly also creates the target of the symlink as an empty file, which could conceivably have security relevance if the symlink is attacker-controlled. (If the path is a symlink to a file that already exists, then the contents of that file correctly remain unchanged.)

nvd Π»ΠΎΠ³ΠΎΡ‚ΠΈΠΏ

CVE-2021-28153

CVSS3: 5.3
nvd
ΠΏΠΎΡ‡Ρ‚ΠΈ 5 Π»Π΅Ρ‚ Π½Π°Π·Π°Π΄

An issue was discovered in GNOME GLib before 2.66.8. When g_file_replace() is used with G_FILE_CREATE_REPLACE_DESTINATION to replace a path that is a dangling symlink, it incorrectly also creates the target of the symlink as an empty file, which could conceivably have security relevance if the symlink is attacker-controlled. (If the path is a symlink to a file that already exists, then the contents of that file correctly remain unchanged.)

msrc Π»ΠΎΠ³ΠΎΡ‚ΠΈΠΏ

CVE-2021-28153

CVSS3: 5.3
msrc
большС 4 Π»Π΅Ρ‚ Π½Π°Π·Π°Π΄

An issue was discovered in GNOME GLib before 2.66.8. When g_file_replace() is used with G_FILE_CREATE_REPLACE_DESTINATION to replace a path that is a dangling symlink it incorrectly also creates the target of the symlink as an empty file which could conceivably have security relevance if the symlink is attacker-controlled. (If the path is a symlink to a file that already exists then the contents of that file correctly remain unchanged.)

debian Π»ΠΎΠ³ΠΎΡ‚ΠΈΠΏ

CVE-2021-28153

CVSS3: 5.3
debian
ΠΏΠΎΡ‡Ρ‚ΠΈ 5 Π»Π΅Ρ‚ Π½Π°Π·Π°Π΄

An issue was discovered in GNOME GLib before 2.66.8. When g_file_repla ...

suse-cvrf Π»ΠΎΠ³ΠΎΡ‚ΠΈΠΏ

SUSE-SU-2023:0174-1

suse-cvrf
ΠΏΠΎΡ‡Ρ‚ΠΈ 3 Π³ΠΎΠ΄Π° Π½Π°Π·Π°Π΄

Security update for glib2

EPSS

ΠŸΡ€ΠΎΡ†Π΅Π½Ρ‚ΠΈΠ»ΡŒ: 67%
0.00528
Низкий

5 Medium

CVSS2

5.3 Medium

CVSS3

Π£ΡΠ·Π²ΠΈΠΌΠΎΡΡ‚ΡŒ CVE-2021-28153