DEBIAN-CVE-2024-36472

See a problem?
Please try reporting it to the source first.

Source

https://security-tracker.debian.org/tracker/CVE-2024-36472

Import Source

https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2024-36472.json

JSON Data

https://api.osv.dev/v1/vulns/DEBIAN-CVE-2024-36472

Upstream

CVE-2024-36472

Published

2024-05-28T16:15:17Z

Modified

2025-10-14T04:26:33.820596Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

In GNOME Shell through 45.7, a portal helper can be launched automatically (without user confirmation) based on network responses provided by an adversary (e.g., an adversary who controls the local Wi-Fi network), and subsequently loads untrusted JavaScript code, which may lead to resource consumption or other impacts depending on the JavaScript code's behavior.

References

https://security-tracker.debian.org/tracker/CVE-2024-36472

Affected packages

Debian:11 / gnome-shell

Package

Name: gnome-shell
Purl: pkg:deb/debian/gnome-shell?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.38.4-1

3.38.4-2

3.38.6-1~deb11u1

3.38.6-1~deb11u2

3.38.6-1

40.*

40.1-1

40.2-1

40.4-1

40.4-2

40.4-3

40.5-1

41.*

41.0-1

41.0-2

41.1-1

41.2-1

41.3-1

41.3-2

41.4-1

Other

42~beta-1

42~rc-1

43~beta-1

43~beta-2

43~rc-1

44~beta-1

44~rc-1

45~rc-1

47~beta-1

47~rc-1

47~rc-3

48~beta-1

48~beta-2

48~beta-3

48~beta-4

48~rc-1

48~rc-2

42.*

42.0-1

42.0-2

42.0-3

42.0-4

42.0-5

42.1-1

42.2-1

42.3.1-1

42.3.1-2

42.4-1

42.4-2

43.*

43.0-1

43.0-2

43.1-1

43.1-2

43.2-1

43.2-2

43.3-1

43.3-2

43.3-3

43.4-1

43.6-1~deb12u1

43.6-1~deb12u2

43.6-1

43.7-1

43.7-2

44.*

44.0-1

44.0-2

44.1-1

44.2-1

44.3-1

44.3-2

44.3-3

44.3-4

44.3-5

44.4-1

44.5-1

44.5-2

44.7-1

44.7-2

44.8-1

44.9-1

44.9-2

45.*

45.0-1

45.1-1

45.2-1

45.2-2

45.3-1

45.3-2

46.*

46.0-1

46.0-2

46.1-1

46.2-1

46.3.1-1

46.3.1-2

46.3.1-3

46.3.1-4

46.4-1

47.*

47.0-1

47.0-2

47.0-3

47.1-1

47.1-2

47.2-1

47.2-2

47.3-1

48.*

48.0-1

48.1-1

48.2-1

48.2-2

48.2-3

48.3-1

48.4-1~deb13u1

48.4-1

48.5-1

48.5-2

48.5-3

49.*

49.0-1

49.0-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / gnome-shell

Package

Name: gnome-shell
Purl: pkg:deb/debian/gnome-shell?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

43.*

43.4-1

43.6-1~deb12u1

43.6-1~deb12u2

43.6-1

43.7-1

43.7-2

43.9-0+deb12u1

43.9-0+deb12u2

Other

44~beta-1

44~rc-1

45~rc-1

47~beta-1

47~rc-1

47~rc-3

48~beta-1

48~beta-2

48~beta-3

48~beta-4

48~rc-1

48~rc-2

44.*

44.0-1

44.0-2

44.1-1

44.2-1

44.3-1

44.3-2

44.3-3

44.3-4

44.3-5

44.4-1

44.5-1

44.5-2

44.7-1

44.7-2

44.8-1

44.9-1

44.9-2

45.*

45.0-1

45.1-1

45.2-1

45.2-2

45.3-1

45.3-2

46.*

46.0-1

46.0-2

46.1-1

46.2-1

46.3.1-1

46.3.1-2

46.3.1-3

46.3.1-4

46.4-1

47.*

47.0-1

47.0-2

47.0-3

47.1-1

47.1-2

47.2-1

47.2-2

47.3-1

48.*

48.0-1

48.1-1

48.2-1

48.2-2

48.2-3

48.3-1

48.4-1~deb13u1

48.4-1

48.5-1

48.5-2

48.5-3

49.*

49.0-1

49.0-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / gnome-shell

Package

Name: gnome-shell
Purl: pkg:deb/debian/gnome-shell?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

47.0-3

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:14 / gnome-shell

Package

Name: gnome-shell
Purl: pkg:deb/debian/gnome-shell?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

47.0-3

Ecosystem specific

{
    "urgency": "not yet assigned"
}