CVE-2021-3800

low-risk
Published 2022-08-23

A flaw was found in glib before version 2.63.6. Due to random charset alias, pkexec can leak content from files owned by privileged users to unprivileged ones under the right condition.

Do I need to act?

-
0.06% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
5
CVSS 5.5/10 Medium
LOCAL / LOW complexity

Affected Products (3)

Affected Vendors

Debian Gnome Netapp

References (12)

Third Party Advisory https://access.redhat.com/security/cve/CVE-2021-3800
Issue Tracking https://bugzilla.redhat.com/show_bug.cgi?id=1938284
Patch https://gitlab.gnome.org/GNOME/glib/-/commit/3529bb4450a51995
Mailing List https://lists.debian.org/debian-lts-announce/2022/09/msg00020.html
Third Party Advisory https://security.netapp.com/advisory/ntap-20221028-0004/
Exploit https://www.openwall.com/lists/oss-security/2017/06/23/8
Third Party Advisory https://access.redhat.com/security/cve/CVE-2021-3800
Issue Tracking https://bugzilla.redhat.com/show_bug.cgi?id=1938284
Patch https://gitlab.gnome.org/GNOME/glib/-/commit/3529bb4450a51995
Mailing List https://lists.debian.org/debian-lts-announce/2022/09/msg00020.html
Third Party Advisory https://security.netapp.com/advisory/ntap-20221028-0004/
Exploit https://www.openwall.com/lists/oss-security/2017/06/23/8
27
/ 100
low-risk
Severity 18/34 · Moderate
Exploitability 0/34 · Minimal
Exposure 9/34 · Low