#VU104138 Link following in glog - CVE-2024-45339


Vulnerability identifier: #VU104138

Vulnerability risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-45339

CWE-ID: CWE-59

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
glog
Other software / Other software solutions

Vendor: Google

Description

The vulnerability allows a local user to overwrite arbitrary files on the system.

The vulnerability exists due to insecure link following when glog creates its log files. A local user who can place a symbolic link at the log file path, pointing to a critical file on the system, causes that file to be overwritten with the log data.
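As an added illustration (not glog's own code, and not the change shipped in the linked pull request), the Go snippet below contrasts the `os.Create` pattern that follows a planted symlink with an `O_EXCL` open that refuses any pre-existing path; the victim file, the link and the log line are constructed inside a temporary directory.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
)

// openLogUnsafe is the CWE-59 pattern: os.Create truncates whatever the name
// resolves to, so a symlink planted at the log path redirects the log data.
func openLogUnsafe(name string) (*os.File, error) {
	return os.Create(name)
}

// openLogSafe creates only a brand-new file: O_EXCL fails if anything already
// exists at name, a symlink included (it is not followed), so no link is used.
func openLogSafe(name string) (*os.File, error) {
	return os.OpenFile(name, os.O_WRONLY|os.O_CREATE|os.O_EXCL, 0o644)
}

// ClobberedVia plants a constructed target file plus a symlink to it at the log
// path under dir, opens the log path with open, writes a line, and reports
// whether the target's contents changed.
func ClobberedVia(dir, tag string, open func(string) (*os.File, error)) (bool, error) {
	const original = "keep=me\n"
	target, link := filepath.Join(dir, tag+"-victim.conf"), filepath.Join(dir, tag+".log")
	if err := os.WriteFile(target, []byte(original), 0o644); err != nil {
		return false, err
	}
	if err := os.Symlink(target, link); err != nil {
		return false, err
	}
	f, err := open(link)
	if err == nil {
		fmt.Fprintln(f, "constructed log line") // lands wherever link points
		f.Close()
	} else if !errors.Is(err, os.ErrExist) { // EEXIST is the hardened refusal
		return false, err
	}
	data, err := os.ReadFile(target)
	return string(data) != original, err
}

func main() {
	dir, _ := os.MkdirTemp("", "glogcheck")
	defer os.RemoveAll(dir)
	u, _ := ClobberedVia(dir, "unsafe", openLogUnsafe)
	s, _ := ClobberedVia(dir, "safe", openLogSafe)
	fmt.Println("os.Create clobbered:", u, "O_EXCL clobbered:", s) // true false
}
```

O_EXCL alone does not help when the log directory itself is writable by others and the name is predictable; a per-user or mode-0700 log directory removes the planting opportunity altogether.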

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

glog: 0.1 - 1.2.3


External links
https://github.com/golang/glog/pull/74
https://github.com/golang/glog/pull/74/commits/b8741656e406e66d6992bc2c9575e460ecaa0ec2
https://groups.google.com/g/golang-announce/c/H-Q4ouHWyKs
https://lists.debian.org/debian-lts-announce/2025/02/msg00019.html
https://owasp.org/www-community/vulnerabilities/Insecure_Temporary_File
https://pkg.go.dev/vuln/GO-2025-3372


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally: the attacker must hold valid credentials and successfully authenticate on the system.

Is there known malware which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.
