CVE-2021-3800 | Mend Vulnerability Database

Vulnerability DatabaseCVE-2021-3800

CVE-2021-3800

August 23, 2022

A flaw was found in glib before version 2.63.6. Due to random charset alias, pkexec can leak content from files owned by privileged users to unprivileged ones under the right condition.

Related Resources (10)

https://security-tracker.debian.org/tracker/CVE-2021-3800

https://bugzilla.redhat.com/show_bug.cgi?id=1938284

https://www.openwall.com/lists/oss-security/2017/06/23/8

https://security.netapp.com/advisory/ntap-20221028-0004/

https://ubuntu.com/security/CVE-2021-3800

https://github.com/GNOME/glib/commit/3529bb4450a51995

https://lists.debian.org/debian-lts-announce/2022/09/msg00020.html

https://access.redhat.com/security/cve/CVE-2021-3800

https://gitlab.gnome.org/GNOME/glib/-/commit/3529bb4450a51995

https://people.canonical.com/~ubuntu-security/cve/CVE-2021-3800

Do you need more information?

CVSS v4

Base Score:

6.8

Attack Vector

LOCAL

Attack Complexity

LOW

Attack Requirements

NONE

Privileges Required

NONE

User Interaction

PASSIVE

Vulnerable System Confidentiality

HIGH

Vulnerable System Integrity

NONE

Vulnerable System Availability

NONE

Subsequent System Confidentiality

NONE

Subsequent System Integrity

NONE

Subsequent System Availability

NONE

CVSS v3

Base Score:

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Weakness Type (CWE)

Files or Directories Accessible to External Parties

CWE-552

Exposure of Sensitive Information to an Unauthorized Actor

CWE-200

EPSS

Base Score:

0.06

Products

Solutions

Resources

Company

Compare

Developer Tools