CVE-2021-28153

MEDIUM Year: 2021
CVSS v3 Score
5.3
Medium
CVSS v2 Score
5.0
Medium
Weakness Type
CWE-59
View all →

Vulnerability Description

An issue was discovered in GNOME GLib before 2.66.8. When g_file_replace() is used with G_FILE_CREATE_REPLACE_DESTINATION to replace a path that is a dangling symlink, it incorrectly also creates the target of the symlink as an empty file, which could conceivably have security relevance if the symlink is attacker-controlled. (If the path is a symlink to a file that already exists, then the contents of that file correctly remain unchanged.)

Related Vulnerabilities

CVE-2018-5107

MEDIUM
CVSS:5.3(Medium)

The printing process can bypass local access protections to read files available through symlinks, bypassing local file restrictions. The printing process requires files in a specific format so arbitr...

CWE-592018

CVE-2022-4122

MEDIUM
CVSS:5.3(Medium)

A vulnerability was found in buildah. Incorrect following of symlinks while reading .containerignore and .dockerignore results in information disclosure.

CWE-592022

CVE-2023-41971

MEDIUM
CVSS:5.3(Medium)

An Improper Link Resolution Before File Access ('Link Following') vulnerability in Zscaler Client Connector on Windows allows a system file to be overwritten.This issue affects Client Connector on Win...

CWE-592023

CVE-2024-21397

MEDIUM
CVSS:5.3(Medium)

Microsoft Azure File Sync Elevation of Privilege Vulnerability

CWE-592024

CVE-2024-7236

MEDIUM
CVSS:5.3(Medium)

AVG AntiVirus Free icarus Arbitrary File Creation Denial of Service Vulnerability. This vulnerability allows local attackers to create a denial-of-service condition on affected installations of AVG An...

CWE-592024

CVE-1999-0783

MEDIUM
CVSS:5.5(Medium)

FreeBSD allows local users to conduct a denial of service by creating a hard link from a device special file to a file on an NFS file system.

CWE-591999