CVE-2024-34397
published 2024-05-07CVE-2024-34397: An issue was discovered in GNOME GLib before 2.78.5, and 2.79.x and 2.80.x before 2.80.1. When a GDBus-based client subscribes to signals from a trusted system…
medium5.2CVSS 3.1
AVPACLPRNUINSUCNIHAL
An issue was discovered in GNOME GLib before 2.78.5, and 2.79.x and 2.80.x before 2.80.1. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the trusted system service. This could lead to the GDBus-based client behaving incorrectly, with an application-dependent impact.
Affected
12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | glib2.0 | < glib2.0 2.74.6-2+deb12u1 (bookworm) | glib2.0 2.74.6-2+deb12u1 (bookworm) |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| gnome | glib | < 2.78.5 | 2.78.5 |
| gnome | glib | >= 2.79.0 < 2.80.1 | 2.80.1 |
| msrc | azl3_glib_2.78.1-5_on_azure_linux_3.0 | — | — |
| msrc | azl3_glib_2.78.6-1_on_azure_linux_3.0 | — | — |
| msrc | cbl2_glib_2.71.0-5_on_cbl_mariner_2.0 | — | — |
| msrc | cbl2_glib_2.71.0-6_on_cbl_mariner_2.0 | — | — |
| msrc | cbl2_glib_2.71.0-7_on_cbl_mariner_2.0 | — | — |
| netapp | ontap_tools | — | — |
CVSS provenance
nvdv3.15.2MEDIUMCVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L
osv5.2MEDIUM