CVE-2021-3800
glib2.0 - security update
CVSS 3.1: 5.5 (MEDIUM)
EPSS: 0.07%
Description
A flaw was found in glib before version 2.63.6. Due to random charset alias, pkexec can leak content from files owned by privileged users to unprivileged ones under the right condition.
How to fix CVE-2021-3800
To remediate CVE-2021-3800, upgrade the affected package to a fixed version below.
- Debian/glib2.0—upgrade to 2.64.0-1 or later
- —upgrade to 2.58.3-2+deb10u4 or later
Is CVE-2021-3800 being exploited?
Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 2.64.0-1
- from 0, < 2.58.3-2+deb10u4
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 5.5 | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N |