PT-2020-6983 · Glib+8 · Glib+8

Pedro Sampaio

Published

2020-02-07

Updated

2025-10-19

CVE-2021-3800

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions glib versions prior to 2.63.6

Description A flaw was found in glib due to random charset alias, which can cause pkexec to leak content from files owned by privileged users to unprivileged ones under the right condition. This issue is related to information disclosure, allowing an attacker to access confidential data.

Recommendations For versions prior to 2.63.6, update to version 2.63.6 or later to resolve the issue. As a temporary workaround, consider restricting access to pkexec to minimize the risk of exploitation.

Exploit

Fix

Information Disclosure

Files Accessible to External Parties

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200CWE-552

Related Identifiers

ALSA-2021:4385

ALT-PU-2020-1480

BDU:2024-07303

CESA-2021_4385

CVE-2021-3800

DLA-3110-1

JLSEC-2025-159

RHSA-2021:4385

RHSA-2021_4385

RLSA-2021:4385

SUSE-SU-2022:0828-1

SUSE-SU-2022_0828-1

USN-5189-1

Affected Products

Alt Linux

Almalinux

Astra Linux

Centos

Red Hat

Rocky Linux

Suse

Ubuntu

Glib

PT-2020-6983 · Glib+8 · Glib+8

CVE-2021-3800

Weakness Enumeration

Related Identifiers

Affected Products

References · 40