vulnerability

Debian: CVE-2024-45339: golang-glog -- security update

Try Surface Command

Back to search

Severity

CVSS

(AV:L/AC:L/Au:S/C:C/I:C/A:N)

Published

Jan 28, 2025

Added

Feb 20, 2025

Modified

Mar 30, 2026

Description

When logs are written to a widely-writable directory (the default), an unprivileged attacker may predict a privileged process's log file path and pre-create a symbolic link to a sensitive file in its place. When that privileged process runs, it will follow the planted symlink and overwrite that sensitive file. To fix that, glog now causes the program to exit (with status code 2) when it finds that the configured log file already exists.

Solution

debian-upgrade-golang-glog

References

CVE-2024-45339
https://attackerkb.com/topics/CVE-2024-45339
DEBIAN-DLA-4056-1
EUVD-EUVD-2025-0139
https://euvd.enisa.europa.eu/vulnerability/EUVD-2025-0139

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report