CVE-2021-3800
CVE-2021-3800
Vexday Risk Score
3Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS —EPSS 0.5%KEV nãoPoC —Nuclei —Metasploit —Patch —
Lifecycle
23 Aug 2022Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
A flaw was found in glib before version 2.63.6. Due to random charset alias, pkexec can leak content from files owned by privileged users to unprivileged ones under the right condition.
Affected products
n/a · GlibReferences
https://access.redhat.com/security/cve/CVE-2021-3800https://bugzilla.redhat.com/show_bug.cgi?id=1938284https://gitlab.gnome.org/GNOME/glib/-/commit/3529bb4450a51995https://lists.debian.org/debian-lts-announce/2022/09/msg00020.htmlhttps://security.netapp.com/advisory/ntap-20221028-0004/https://www.openwall.com/lists/oss-security/2017/06/23/8