CVE-2021-3800

Published: Aug 23, 2022Modified: Nov 21, 2024

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

A flaw was found in glib before version 2.63.6. Due to random charset alias, pkexec can leak content from files owned by privileged users to unprivileged ones under the right condition.

Affected (4)

Products: Gnome: Glib · Debian: Debian Linux · Netapp: Active Iq Unified Manager

1 product

1 product

1 product

Active Iq Unified Manager

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Gnome Glib	Before 2.62.5
Gnome Glib	From 2.63.0 to 2.63.6

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 10.0

Configuration C

1 vulnerable

Vulnerable Software	Affected Versions
Netapp Active Iq Unified Manager	All versions

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

CWE-552

Files or Directories Accessible to External Parties

The product makes files or directories accessible to unauthorized actors, even though they should not be.

References (12)

https://access.redhat.com/security/cve/CVE-2021-3800

Source: secalert@redhat.com

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1938284

Source: secalert@redhat.com

Issue TrackingPatchThird Party Advisory

https://gitlab.gnome.org/GNOME/glib/-/commit/3529bb4450a51995

Source: secalert@redhat.com

PatchVendor Advisory

https://lists.debian.org/debian-lts-announce/2022/09/msg00020.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

https://security.netapp.com/advisory/ntap-20221028-0004/

Source: secalert@redhat.com

Third Party Advisory

https://www.openwall.com/lists/oss-security/2017/06/23/8

Source: secalert@redhat.com

ExploitMailing ListPatchThird Party Advisory

https://access.redhat.com/security/cve/CVE-2021-3800