An issue was discovered in GNOME GLib before 2.66.8. When g_file_replace() is used with G_FILE_CREATE_REPLACE_DESTINATION to replace a path that is a dangling symlink, it incorrectly also creates the target of the symlink as an empty file, which could conceivably have security relevance if the symlink is attacker-controlled. (If the path is a symlink to a file that already exists, then the contents of that file correctly remain unchanged.)
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2024-08-03T21:40:12.088Z

Reserved: 2021-03-11T00:00:00

Link: CVE-2021-28153

Vulnrichment

No data.

NVD

Status: Modified

Published: 2021-03-11T22:15:12.777

Modified: 2024-11-21T05:59:11.820

Link: CVE-2021-28153

Redhat

Severity: Low

Public Date: 2021-03-10T00:00:00Z

Links: CVE-2021-28153 - Bugzilla

OpenCVE Enrichment

No data.