CVE-2024-34397

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2024-34397
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-34397.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-34397
Downstream
Related
Published
2024-05-07T18:15:08.350Z
Modified
2026-02-04T21:35:14.989247Z
Severity
  • 5.2 (Medium) CVSS_V3 - CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L CVSS Calculator
Summary
[none]
Details

An issue was discovered in GNOME GLib before 2.78.5, and 2.79.x and 2.80.x before 2.80.1. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the trusted system service. This could lead to the GDBus-based client behaving incorrectly, with an application-dependent impact.

References

Affected packages

Git / github.com/gnome/glib

Affected ranges

Type
GIT
Repo
https://github.com/gnome/glib
Events
Fixed
d18807b5ffc6dedc2db5225b044063f65720bf56
Introduced
e597b189c36651d83dd72dfdc8530682c80fc235
Fixed
dd0e9590e772c87b3b3a6a8dd1d8fb8eb8648f95

Affected versions

2.*
2.79.0
2.79.1
2.79.2
2.79.3
2.80.0

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-34397.json"