CVE-2021-3800
MEDIUM
glib < 2.63.6 - Information Disclosure via Charset Alias
Title source: llm
Description
A flaw was found in glib before version 2.63.6. Due to random charset alias, pkexec can leak content from files owned by privileged users to unprivileged ones under the right condition.
References (6)
Core References
Mailing List, Third Party Advisory
https://lists.debian.org/debian-lts-announce/2022/09/msg00020.html
Third Party Advisory
https://access.redhat.com/security/cve/CVE-2021-3800
Issue Tracking, Patch, Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1938284
Patch, Vendor Advisory
https://gitlab.gnome.org/GNOME/glib/-/commit/3529bb4450a51995
Third Party Advisory
https://security.netapp.com/advisory/ntap-20221028-0004/
Exploit, Mailing List, Patch, Third Party Advisory
https://www.openwall.com/lists/oss-security/2017/06/23/8
Scores
CVSS v3
5.5
EPSS
0.0006
EPSS Percentile
19.6%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Details
CWE
CWE-552
CWE-200
Status
published
Products (3)
debian/debian_linux
10.0
gnome/glib
< 2.62.5
netapp/active_iq_unified_manager
Published
Aug 23, 2022
Tracked Since
Feb 18, 2026