{"id":"CVE-2021-28153","details":"An issue was discovered in GNOME GLib before 2.66.8. When g_file_replace() is used with G_FILE_CREATE_REPLACE_DESTINATION to replace a path that is a dangling symlink, it incorrectly also creates the target of the symlink as an empty file, which could conceivably have security relevance if the symlink is attacker-controlled. (If the path is a symlink to a file that already exists, then the contents of that file correctly remain unchanged.)","modified":"2026-03-15T22:40:06.350915Z","published":"2021-03-11T22:15:12.777Z","related":["ALSA-2021:4385","ALSA-2022:8418","MGASA-2021-0162","MGASA-2021-0318","SUSE-SU-2022:1455-1","SUSE-SU-2022:1455-2","SUSE-SU-2022:1758-1","SUSE-SU-2022:1758-2","SUSE-SU-2023:0174-1","SUSE-SU-2023:3535-1"],"references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6RXTD5HCP2K4AAUSWWZTBKQNHRCTAEOF/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ICUTQPHZNZWX2DZR46QFLQZRHVMHIILJ/"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2022/06/msg00006.html"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202107-13"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20210416-0003/"},{"type":"FIX","url":"https://gitlab.gnome.org/GNOME/glib/-/issues/2325"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/gnome/glib","events":[{"introduced":"0"},{"fixed":"dde05fd4fcd1d96d1693723ae1d7f37ecd991215"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"2.66.8"}]}}],"versions":["2.20.0","2.20.1","2.21.1","2.21.2","2.21.3","2.21.4","2.21.5","2.21.6","2.22.0","2.22.2","2.23.0","2.23.1","2.23.2","2.23.3","2.23.4","2.23.5","2.23.6","2.24.0","2.25.0","2.25.10","2.25.11","2.25.12","2.25.13","2.25.14","2.25.15","2.25.2","2.25.3","2.25.4","2.25.5","2.25.6","2.25.8","2.25.9","2.27.0","2.27.1","2.27.2","2.27.3","2.27.5","2.27.90","2.27.91","2.27.92","2.27.93","2.28.0","2.29.10","2.29.12","2.29.14","2.29.16","2.29.18","2.29.2","2.29.4","2.29.6","2.29.8","2.29.90","2.31.0","2.31.10","2.31.12","2.31.14","2.31.16","2.31.18","2.31.2","2.31.20","2.31.22","2.31.4","2.31.6","2.31.8","2.32.0","2.32.1","2.33.1","2.33.10","2.33.12","2.33.14","2.33.2","2.33.3","2.33.4","2.33.6","2.33.8","2.34.0","2.35.1","2.35.2","2.35.3","2.35.4","2.35.6","2.35.7","2.35.8","2.35.9","2.36.0","2.37.0","2.37.1","2.37.2","2.37.3","2.37.4","2.37.5","2.37.6","2.37.7","2.37.92","2.37.93","2.38.0","2.39.0","2.39.1","2.39.2","2.39.3","2.39.4","2.39.90","2.39.91","2.39.92","2.41.1","2.41.2","2.41.3","2.41.4","2.41.5","2.42.0","2.43.0","2.43.1","2.43.2","2.43.3","2.43.4","2.43.90","2.43.91","2.43.92","2.45.1","2.45.2","2.45.3","2.45.4","2.45.5","2.45.6","2.45.7","2.45.8","2.46.0","2.47.1","2.47.2","2.47.3","2.47.4","2.47.5","2.47.6","2.47.92","2.48.0","2.49.1","2.49.2","2.49.3","2.49.4","2.49.5","2.49.6","2.49.7","2.50.0","2.50.1","2.51.0","2.51.1","2.51.2","2.51.3","2.51.4","2.51.5","2.52.0","2.53.1","2.53.2","2.53.3","2.53.4","2.53.5","2.53.6","2.53.7","2.54.0","2.55.0","2.55.1","2.56.0","2.57.1","2.57.2","2.57.3","2.58.0","2.59.0","2.59.1","2.59.2","2.59.3","2.60.0","2.61.0","2.61.1","2.61.2","2.61.3","2.62.0","2.63.0","2.63.1","2.63.2","2.63.3","2.63.4","2.63.5","2.63.6","2.64.0","2.65.0","2.65.1","2.65.2","2.65.3","2.66.0","2.66.1","2.66.2","2.66.3","2.66.4","2.66.5","2.66.6","2.66.7","FOR_GNOME_0_99_1","GLIB_1_1_0","GLIB_1_1_1","GLIB_1_1_10","GLIB_1_1_11","GLIB_1_1_12","GLIB_1_1_13","GLIB_1_1_14","GLIB_1_1_15","GLIB_1_1_16","GLIB_1_1_2","GLIB_1_1_3","GLIB_1_1_3a","GLIB_1_1_4","GLIB_1_1_5","GLIB_1_1_6","GLIB_1_1_7","GLIB_1_1_8","GLIB_1_1_8a","GLIB_1_1_9","GLIB_1_2_0","GLIB_1_2_9PRE1","GLIB_1_3_0","GLIB_1_3_1","GLIB_1_3_10","GLIB_1_3_11","GLIB_1_3_12","GLIB_1_3_13","GLIB_1_3_14","GLIB_1_3_15","GLIB_1_3_2","GLIB_1_3_3","GLIB_1_3_4","GLIB_1_3_5","GLIB_1_3_6","GLIB_1_3_7","GLIB_1_3_8","GLIB_1_3_9","GLIB_2_0_0","GLIB_2_0_0_RC1","GLIB_2_0_1","GLIB_2_10_0","GLIB_2_10_1","GLIB_2_11_0","GLIB_2_11_1","GLIB_2_11_2","GLIB_2_11_3","GLIB_2_11_4","GLIB_2_12_0","GLIB_2_12_1","GLIB_2_12_2","GLIB_2_13_0","GLIB_2_13_1","GLIB_2_13_2","GLIB_2_13_3","GLIB_2_13_5","GLIB_2_13_6","GLIB_2_13_7","GLIB_2_14_0","GLIB_2_14_1","GLIB_2_14_2","GLIB_2_14_3","GLIB_2_15_1","GLIB_2_15_2","GLIB_2_15_3","GLIB_2_15_4","GLIB_2_15_5","GLIB_2_15_6","GLIB_2_16_1","GLIB_2_17_0","GLIB_2_17_1","GLIB_2_17_2","GLIB_2_17_3","GLIB_2_17_4","GLIB_2_17_5","GLIB_2_17_6","GLIB_2_17_7","GLIB_2_18_0","GLIB_2_18_1","GLIB_2_19_0","GLIB_2_19_1","GLIB_2_19_10","GLIB_2_19_2","GLIB_2_19_3","GLIB_2_19_4","GLIB_2_19_5","GLIB_2_19_6","GLIB_2_19_7","GLIB_2_19_8","GLIB_2_19_9","GLIB_2_1_3","GLIB_2_1_4","GLIB_2_1_5","GLIB_2_20_0","GLIB_2_2_0","GLIB_2_3_0","GLIB_2_3_1","GLIB_2_3_2","GLIB_2_3_3","GLIB_2_3_5","GLIB_2_3_6","GLIB_2_4_0","GLIB_2_4_1","GLIB_2_5_0","GLIB_2_5_1","GLIB_2_5_2","GLIB_2_5_3","GLIB_2_5_5","GLIB_2_5_6","GLIB_2_6_0","GLIB_2_6_1","GLIB_2_7_0","GLIB_2_7_1","GLIB_2_7_2","GLIB_2_7_3","GLIB_2_7_4","GLIB_2_7_5","GLIB_2_7_6","GLIB_2_7_7","GLIB_2_8_0","GLIB_2_8_1","GLIB_2_9_0","GLIB_2_9_1","GLIB_2_9_2","GLIB_2_9_3","GLIB_2_9_4","GLIB_2_9_5","GLIB_2_9_6","GLIB_GNOME_0_99_1","GLIB_VERSION_1_1_3","GNOME_PRINT_0_24","GOBJECT_GType_guint","GTK_2_5_4","GTK_2_7_4","GTK_ALL_1_3_6","PRE_CLEANUP","R_2_0_core","glib-2-0-branchpoint","glib-2-10-branchpoint","glib-2-12-branchpoint","glib-2-2-branchpoint","glib-2-4-branchpoint","glib-2-6-branchpoint","glib-2.25.7","gobject_0_10_0","gobject_0_9_0","start"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-28153.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"9.0"}]},{"events":[{"introduced":"0"},{"last_affected":"33"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}]}