CVE-2021-3800

MEDIUM

glib < 2.63.6 - Information Disclosure via Charset Alias

Title source: llm
STIX 2.1

Description

A flaw was found in glib before version 2.63.6. Due to random charset alias, pkexec can leak content from files owned by privileged users to unprivileged ones under the right condition.

References (6)

Core 6
Core References
Mailing List, Third Party Advisory mailing-list
https://lists.debian.org/debian-lts-announce/2022/09/msg00020.html
Issue Tracking, Patch, Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1938284
Exploit, Mailing List, Patch, Third Party Advisory
https://www.openwall.com/lists/oss-security/2017/06/23/8

Scores

CVSS v3 5.5
EPSS 0.0053
EPSS Percentile 41.1%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Details

CWE
CWE-200 CWE-552
Status published
Products (3)
debian/debian_linux 10.0
gnome/glib < 2.62.5
netapp/active_iq_unified_manager
Published Aug 23, 2022
Tracked Since Feb 18, 2026