CVE-2021-3800: Infoleak
First published: Fri Mar 12 2021(Updated: )
A flaw was found in glib before version 2.63.6. Due to random charset alias, pkexec can leak content from files owned by privileged users to unprivileged ones under the right condition.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/glib2 | <2.63.6 | 2.63.6 |
| GNOME GLib | <2.62.5 | |
| GNOME GLib | >=2.63.0<2.63.6 | |
| Debian Debian Linux | =10.0 | |
| Netapp Active Iq Unified Manager Vmware Vsphere |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://access.redhat.com/security/cve/CVE-2021-3800
- https://bugzilla.redhat.com/show_bug.cgi?id=1938284
- https://gitlab.gnome.org/GNOME/glib/-/commit/3529bb4450a51995
- https://lists.debian.org/debian-lts-announce/2022/09/msg00020.html
- https://security.netapp.com/advisory/ntap-20221028-0004/
- https://www.openwall.com/lists/oss-security/2017/06/23/8
- https://gitlab.gnome.org/GNOME/glib/commit/3529bb4450a51995
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1938290
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1938288
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1938287
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1938285
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1938289
- https://access.redhat.com/errata/RHSA-2021:4385
- https://access.redhat.com/security/cve/cve-2021-3800
Frequently Asked Questions
What is CVE-2021-3800?
CVE-2021-3800 is a vulnerability found in glib before version 2.63.6 that allows pkexec to leak content from files owned by privileged users to unprivileged ones.
What is the severity of CVE-2021-3800?
The severity of CVE-2021-3800 is medium with a CVSS score of 5.5.
How does CVE-2021-3800 affect GNOME GLib?
CVE-2021-3800 affects GNOME GLib versions up to 2.62.5 and versions between 2.63.0 and 2.63.6.
How does CVE-2021-3800 affect Debian Debian Linux?
CVE-2021-3800 affects Debian Debian Linux 10.0.
How do I fix CVE-2021-3800?
To fix CVE-2021-3800, update to version 2.63.6 or later of glib.
- agent/references
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- agent/remedy
- agent/severity
- agent/weakness
- agent/author
- agent/description
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2021-3800
- agent/software-canonical-lookup
- agent/event
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- collector/mitre-cve
- source/MITRE
- package-manager/redhat
- vendor/gnome
- canonical/gnome glib
- version/gnome glib/2.63.0
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/10.0
- vendor/netapp
- canonical/netapp active iq unified manager vmware vsphere