Symlink Vulnerability in GNOME GLib Affects File Handling
CVE-2021-28153

5.3 MEDIUM

Key Information:

Vendor: Gnome

Status
Vendor
CVE Published: 11 March 2021

What is CVE-2021-28153?

GNOME GLib before version 2.66.8 mishandles dangling symlinks when g_file_replace() is called with the G_FILE_CREATE_REPLACE_DESTINATION flag. If the path being replaced is a symlink whose target does not exist, GLib also creates that target as an empty file, which matters when an attacker controls the symlink. If the symlink points to a file that already exists, the contents of that file are left unchanged. Even so, the behavior raises concerns about exploitation and file manipulation on systems that use this library.
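The behavior a caller expects when replacing a destination is that a symlink at that path is replaced itself and never followed. The following added example (plain POSIX C, not GLib's code or its fix) shows that pattern with a temp file plus rename(), and checks it against a constructed dangling symlink; the function names and the /tmp scratch directory are assumptions made for the illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Replace dir/name itself, even if it is a symlink, without following it:
 * write a temp file in the same directory, then rename() it over the path.
 * rename() overwrites the link, not the link's target. Returns 0 on success. */
int replace_destination(const char *dir, const char *name,
                        const void *data, size_t len)
{
    char tmp[PATH_MAX], dst[PATH_MAX];
    snprintf(tmp, sizeof tmp, "%s/.replace-XXXXXX", dir);
    snprintf(dst, sizeof dst, "%s/%s", dir, name);
    int fd = mkstemp(tmp);              /* exclusive create, mode 0600 */
    if (fd < 0) return -1;
    if (write(fd, data, len) != (ssize_t)len || fsync(fd) != 0) {
        close(fd); unlink(tmp); return -1;
    }
    close(fd);
    if (rename(tmp, dst) != 0) { unlink(tmp); return -1; }
    return 0;
}

/* Constructed scenario: <dir>/out is a dangling symlink to <dir>/victim.
 * Returns 1 if, after the replace, "out" is a regular file and "victim"
 * was never created (the empty file described in this CVE would fail this). */
int dangling_symlink_is_replaced_not_followed(void)
{
    char dir[] = "/tmp/symlink-replace-XXXXXX";
    char out[PATH_MAX], victim[PATH_MAX];
    struct stat st;
    if (!mkdtemp(dir)) return 0;
    snprintf(out, sizeof out, "%s/out", dir);
    snprintf(victim, sizeof victim, "%s/victim", dir);
    if (symlink(victim, out) != 0) { rmdir(dir); return 0; }
    int ok = replace_destination(dir, "out", "data\n", 5) == 0
          && lstat(out, &st) == 0 && S_ISREG(st.st_mode)
          && lstat(victim, &st) != 0;   /* symlink target must not exist */
    unlink(out); unlink(victim); rmdir(dir);
    return ok;
}
```

The same check (create a dangling symlink, replace it, confirm the target path still does not exist) can be used as a regression test against any file-replacement routine.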

CVSS V3.1

Score: 5.3
Severity: MEDIUM
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
