{"id":"CVE-2021-28153","details":"An issue was discovered in GNOME GLib before 2.66.8. When g_file_replace() is used with G_FILE_CREATE_REPLACE_DESTINATION to replace a path that is a dangling symlink, it incorrectly also creates the target of the symlink as an empty file, which could conceivably have security relevance if the symlink is attacker-controlled. (If the path is a symlink to a file that already exists, then the contents of that file correctly remain unchanged.)","modified":"2026-05-15T12:04:19.564576753Z","published":"2021-03-11T22:15:12.777Z","related":["ALSA-2021:4385","ALSA-2022:8418","SUSE-SU-2022:1455-1","SUSE-SU-2022:1455-2","SUSE-SU-2022:1758-1","SUSE-SU-2022:1758-2","SUSE-SU-2023:0174-1","SUSE-SU-2023:3535-1"],"database_specific":{"unresolved_ranges":[{"source":"CPE_FIELD","vendor_product":"debian:debian_linux","extracted_events":[{"last_affected":"9.0"}],"cpes":["cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"]},{"source":"CPE_FIELD","vendor_product":"fedoraproject:fedora","cpes":["cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*"],"extracted_events":[{"last_affected":"33"}]}]},"references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6RXTD5HCP2K4AAUSWWZTBKQNHRCTAEOF/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ICUTQPHZNZWX2DZR46QFLQZRHVMHIILJ/"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2022/06/msg00006.html"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202107-13"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20210416-0003/"},{"type":"FIX","url":"https://gitlab.gnome.org/GNOME/glib/-/issues/2325"}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}]}