CVE-2021-3800
Published: 2 November 2021
A flaw was found in glib before version 2.63.6. Due to random charset alias, pkexec can leak content from files owned by privileged users to unprivileged ones under the right condition.
Priority
Status
Package | Release | Status |
---|---|---|
glib2.0 | bionic | Released (2.56.4-0ubuntu0.18.04.9) |
glib2.0 | hirsute | Not vulnerable (2.68.1-1~ubuntu21.04.1) |
glib2.0 | impish | Not vulnerable (2.68.4-1ubuntu1) |
glib2.0 | trusty | Released (2.40.2-0ubuntu1.1+esm4), available with Ubuntu Pro or Ubuntu Pro (Infra-only) |
glib2.0 | upstream | Released (2.62.5) |
glib2.0 | xenial | Released (2.48.2-0ubuntu4.8+esm1), available with Ubuntu Pro or Ubuntu Pro (Infra-only) |
glib2.0 | focal | Not vulnerable (2.64.6-1~ubuntu20.04.4) |

Patches: upstream: https://gitlab.gnome.org/GNOME/glib/commit/3529bb4450a51995
Severity score breakdown
Parameter | Value |
---|---|
Base score | 5.5 |
Attack vector | Local |
Attack complexity | Low |
Privileges required | None |
User interaction | Required |
Scope | Unchanged |
Confidentiality | High |
Integrity impact | None |
Availability impact | None |
Vector | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N |