CVE-2024-34397

EUVD-2024-34763
An issue was discovered in GNOME GLib before 2.78.5, and 2.79.x and 2.80.x before 2.80.1. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the trusted system service. This could lead to the GDBus-based client behaving incorrectly, with an application-dependent impact.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.2 MEDIUM
PHYSICAL
LOW
NONE
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: 40%
Affected Products (NVD)
VendorProductVersion
gnomeglib
𝑥
< 2.78.5
gnomeglib
2.79.0 ≤
𝑥
< 2.80.1
debiandebian_linux
10.0
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
SiemensRUGGEDCOM RST2428P
𝑥
< V3.1
ADP
SiemensSCALANCE XC-300\/XR-300\/XC-400\/XR-500WG\/XR-500 family
𝑥
< *
ADP
SiemensSCALANCE XCM-\/XRM-\/XCH-\/XRH-300 family
𝑥
< V3.1
ADP
SiemensSIMATIC S7-1500 CPU 1518-4 PN\/DP MFP
V3.1.5 ≤
𝑥
< *
ADP
SiemensSIMATIC S7-1500 CPU 1518-4 PN\/DP MFP
V3.1.5 ≤
𝑥
< *
ADP
SiemensSIMATIC S7-1500 CPU 1518F-4 PN\/DP MFP
V3.1.5 ≤
𝑥
< *
ADP
SiemensSIMATIC S7-1500 CPU 1518F-4 PN\/DP MFP
V3.1.5 ≤
𝑥
< *
ADP
SiemensSIPLUS S7-1500 CPU 1518-4 PN\/DP MFP
V3.1.5 ≤
𝑥
< *
ADP
Debian logo
Debian Releases
Debian Product
Codename
glib2.0
bookworm
2.74.6-2+deb12u7
fixed
bookworm (security)
2.74.6-2+deb12u2
fixed
bullseye
2.66.8-1+deb11u4
fixed
bullseye (security)
2.66.8-1+deb11u7
fixed
forky
2.86.3-1
fixed
sid
2.86.3-2
fixed
trixie
2.84.4-3~deb13u1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
glib2.0
bionic
needs-triage
focal
Fixed 2.64.6-1~ubuntu20.04.7
released
jammy
Fixed 2.72.4-0ubuntu2.3
released
mantic
Fixed 2.78.0-2ubuntu0.1
released
noble
Fixed 2.80.0-6ubuntu3.1
released
oracular
Fixed 2.80.1-1
released
plucky
Fixed 2.80.1-1
released
questing
Fixed 2.80.1-1
released
trusty
needs-triage
xenial
needs-triage
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
gio-branding-SLE-15
suse enterprise desktop 15 SP6
150600.35.2.1
fixed
suse enterprise desktop 15 SP7
150600.35.2.1
fixed
suse enterprise sap 15 SP6
150600.35.2.1
fixed
suse enterprise sap 15 SP7
150600.35.2.1
fixed
suse enterprise server 15 SP6
150600.35.2.1
fixed
suse enterprise server 15 SP7
150600.35.2.1
fixed
glib2-devel
suse enterprise desktop 15 SP5
2.70.5-150400.3.14.1
fixed
suse enterprise desktop 15 SP6
2.78.6-150600.4.3.1
fixed
suse enterprise desktop 15 SP7
2.78.6-150600.4.3.1
fixed
suse enterprise sap 15 SP5
2.70.5-150400.3.14.1
fixed
suse enterprise sap 15 SP6
2.78.6-150600.4.3.1
fixed
suse enterprise sap 15 SP7
2.78.6-150600.4.3.1
fixed
suse enterprise server 15 SP4
2.70.5-150400.3.14.1
fixed
suse enterprise server 15 SP5
2.70.5-150400.3.14.1
fixed
suse enterprise server 15 SP6
2.78.6-150600.4.3.1
fixed
suse enterprise server 15 SP7
2.78.6-150600.4.3.1
fixed
glib2-lang
suse enterprise desktop 15 SP5
2.70.5-150400.3.14.1
fixed
suse enterprise desktop 15 SP6
2.78.6-150600.4.3.1
fixed
suse enterprise desktop 15 SP7
2.78.6-150600.4.3.1
fixed
suse enterprise sap 12 SP5
2.48.2-12.40.1
fixed
suse enterprise sap 15 SP5
2.70.5-150400.3.14.1
fixed
suse enterprise sap 15 SP6
2.78.6-150600.4.3.1
fixed
suse enterprise sap 15 SP7
2.78.6-150600.4.3.1
fixed
suse enterprise server 12 SP3
2.48.2-12.40.1
fixed
suse enterprise server 12 SP5
2.48.2-12.40.1
fixed
suse enterprise server 15 SP4
2.70.5-150400.3.14.1
fixed
suse enterprise server 15 SP5
2.70.5-150400.3.14.1
fixed
suse enterprise server 15 SP6
2.78.6-150600.4.3.1
fixed
suse enterprise server 15 SP7
2.78.6-150600.4.3.1
fixed
glib2-tools
suse enterprise desktop 15 SP5
2.70.5-150400.3.14.1
fixed
suse enterprise desktop 15 SP6
2.78.6-150600.4.3.1
fixed
suse enterprise desktop 15 SP7
2.78.6-150600.4.3.1
fixed
suse enterprise sap 12 SP5
2.48.2-12.40.1
fixed
suse enterprise sap 15 SP5
2.70.5-150400.3.14.1
fixed
suse enterprise sap 15 SP6
2.78.6-150600.4.3.1
fixed
suse enterprise sap 15 SP7
2.78.6-150600.4.3.1
fixed
suse enterprise server 12 SP3
2.48.2-12.40.1
fixed
suse enterprise server 12 SP5
2.48.2-12.40.1
fixed
suse enterprise server 15 SP4
2.70.5-150400.3.14.1
fixed
suse enterprise server 15 SP5
2.70.5-150400.3.14.1
fixed
suse enterprise server 15 SP6
2.78.6-150600.4.3.1
fixed
suse enterprise server 15 SP7
2.78.6-150600.4.3.1
fixed
libgio-2_0-0
suse enterprise desktop 15 SP5
2.70.5-150400.3.14.1
fixed
suse enterprise desktop 15 SP6
2.78.6-150600.4.3.1
fixed
suse enterprise desktop 15 SP7
2.78.6-150600.4.3.1
fixed
suse enterprise sap 12 SP5
2.48.2-12.40.1
fixed
suse enterprise sap 15 SP5
2.70.5-150400.3.14.1
fixed
suse enterprise sap 15 SP6
2.78.6-150600.4.3.1
fixed
suse enterprise sap 15 SP7
2.78.6-150600.4.3.1
fixed
suse enterprise server 12 SP3
2.48.2-12.40.1
fixed
suse enterprise server 12 SP5
2.48.2-12.40.1
fixed
suse enterprise server 15 SP4
2.70.5-150400.3.14.1
fixed
suse enterprise server 15 SP5
2.70.5-150400.3.14.1
fixed
suse enterprise server 15 SP6
2.78.6-150600.4.3.1
fixed
suse enterprise server 15 SP7
2.78.6-150600.4.3.1
fixed
libgio-2_0-0-32bit
suse enterprise desktop 15 SP5
2.70.5-150400.3.14.1
fixed
suse enterprise desktop 15 SP6
2.78.6-150600.4.3.1
fixed
suse enterprise desktop 15 SP7
2.78.6-150600.4.3.1
fixed
suse enterprise sap 12 SP5
2.48.2-12.40.1
fixed
suse enterprise sap 15 SP5
2.70.5-150400.3.14.1
fixed
suse enterprise sap 15 SP6
2.78.6-150600.4.3.1
fixed
suse enterprise sap 15 SP7
2.78.6-150600.4.3.1
fixed
suse enterprise server 12 SP3
2.48.2-12.40.1
fixed
suse enterprise server 12 SP5
2.48.2-12.40.1
fixed
suse enterprise server 15 SP4
2.70.5-150400.3.14.1
fixed
suse enterprise server 15 SP5
2.70.5-150400.3.14.1
fixed
suse enterprise server 15 SP6
2.78.6-150600.4.3.1
fixed
suse enterprise server 15 SP7
2.78.6-150600.4.3.1
fixed
libglib-2_0-0
suse enterprise desktop 15 SP5
2.70.5-150400.3.14.1
fixed
suse enterprise desktop 15 SP6
2.78.6-150600.4.3.1
fixed
suse enterprise desktop 15 SP7
2.78.6-150600.4.3.1
fixed
suse enterprise sap 12 SP5
2.48.2-12.40.1
fixed
suse enterprise sap 15 SP5
2.70.5-150400.3.14.1
fixed
suse enterprise sap 15 SP6
2.78.6-150600.4.3.1
fixed
suse enterprise sap 15 SP7
2.78.6-150600.4.3.1
fixed
suse enterprise server 12 SP3
2.48.2-12.40.1
fixed
suse enterprise server 12 SP5
2.48.2-12.40.1
fixed
suse enterprise server 15 SP4
2.70.5-150400.3.14.1
fixed
suse enterprise server 15 SP5
2.70.5-150400.3.14.1
fixed
suse enterprise server 15 SP6
2.78.6-150600.4.3.1
fixed
suse enterprise server 15 SP7
2.78.6-150600.4.3.1
fixed
libglib-2_0-0-32bit
suse enterprise desktop 15 SP5
2.70.5-150400.3.14.1
fixed
suse enterprise desktop 15 SP6
2.78.6-150600.4.3.1
fixed
suse enterprise desktop 15 SP7
2.78.6-150600.4.3.1
fixed
suse enterprise sap 12 SP5
2.48.2-12.40.1
fixed
suse enterprise sap 15 SP5
2.70.5-150400.3.14.1
fixed
suse enterprise sap 15 SP6
2.78.6-150600.4.3.1
fixed
suse enterprise sap 15 SP7
2.78.6-150600.4.3.1
fixed
suse enterprise server 12 SP3
2.48.2-12.40.1
fixed
suse enterprise server 12 SP5
2.48.2-12.40.1
fixed
suse enterprise server 15 SP4
2.70.5-150400.3.14.1
fixed
suse enterprise server 15 SP5
2.70.5-150400.3.14.1
fixed
suse enterprise server 15 SP6
2.78.6-150600.4.3.1
fixed
suse enterprise server 15 SP7
2.78.6-150600.4.3.1
fixed
libgmodule-2_0-0
suse enterprise desktop 15 SP5
2.70.5-150400.3.14.1
fixed
suse enterprise desktop 15 SP6
2.78.6-150600.4.3.1
fixed
suse enterprise desktop 15 SP7
2.78.6-150600.4.3.1
fixed
suse enterprise sap 12 SP5
2.48.2-12.40.1
fixed
suse enterprise sap 15 SP5
2.70.5-150400.3.14.1
fixed
suse enterprise sap 15 SP6
2.78.6-150600.4.3.1
fixed
suse enterprise sap 15 SP7
2.78.6-150600.4.3.1
fixed
suse enterprise server 12 SP3
2.48.2-12.40.1
fixed
suse enterprise server 12 SP5
2.48.2-12.40.1
fixed
suse enterprise server 15 SP4
2.70.5-150400.3.14.1
fixed
suse enterprise server 15 SP5
2.70.5-150400.3.14.1
fixed
suse enterprise server 15 SP6
2.78.6-150600.4.3.1
fixed
suse enterprise server 15 SP7
2.78.6-150600.4.3.1
fixed
libgmodule-2_0-0-32bit
suse enterprise desktop 15 SP5
2.70.5-150400.3.14.1
fixed
suse enterprise desktop 15 SP6
2.78.6-150600.4.3.1
fixed
suse enterprise desktop 15 SP7
2.78.6-150600.4.3.1
fixed
suse enterprise sap 12 SP5
2.48.2-12.40.1
fixed
suse enterprise sap 15 SP5
2.70.5-150400.3.14.1
fixed
suse enterprise sap 15 SP6
2.78.6-150600.4.3.1
fixed
suse enterprise sap 15 SP7
2.78.6-150600.4.3.1
fixed
suse enterprise server 12 SP3
2.48.2-12.40.1
fixed
suse enterprise server 12 SP5
2.48.2-12.40.1
fixed
suse enterprise server 15 SP4
2.70.5-150400.3.14.1
fixed
suse enterprise server 15 SP5
2.70.5-150400.3.14.1
fixed
suse enterprise server 15 SP6
2.78.6-150600.4.3.1
fixed
suse enterprise server 15 SP7
2.78.6-150600.4.3.1
fixed
libgobject-2_0-0
suse enterprise desktop 15 SP5
2.70.5-150400.3.14.1
fixed
suse enterprise desktop 15 SP6
2.78.6-150600.4.3.1
fixed
suse enterprise desktop 15 SP7
2.78.6-150600.4.3.1
fixed
suse enterprise sap 12 SP5
2.48.2-12.40.1
fixed
suse enterprise sap 15 SP5
2.70.5-150400.3.14.1
fixed
suse enterprise sap 15 SP6
2.78.6-150600.4.3.1
fixed
suse enterprise sap 15 SP7
2.78.6-150600.4.3.1
fixed
suse enterprise server 12 SP3
2.48.2-12.40.1
fixed
suse enterprise server 12 SP5
2.48.2-12.40.1
fixed
suse enterprise server 15 SP4
2.70.5-150400.3.14.1
fixed
suse enterprise server 15 SP5
2.70.5-150400.3.14.1
fixed
suse enterprise server 15 SP6
2.78.6-150600.4.3.1
fixed
suse enterprise server 15 SP7
2.78.6-150600.4.3.1
fixed
libgobject-2_0-0-32bit
suse enterprise desktop 15 SP5
2.70.5-150400.3.14.1
fixed
suse enterprise desktop 15 SP6
2.78.6-150600.4.3.1
fixed
suse enterprise desktop 15 SP7
2.78.6-150600.4.3.1
fixed
suse enterprise sap 12 SP5
2.48.2-12.40.1
fixed
suse enterprise sap 15 SP5
2.70.5-150400.3.14.1
fixed
suse enterprise sap 15 SP6
2.78.6-150600.4.3.1
fixed
suse enterprise sap 15 SP7
2.78.6-150600.4.3.1
fixed
suse enterprise server 12 SP3
2.48.2-12.40.1
fixed
suse enterprise server 12 SP5
2.48.2-12.40.1
fixed
suse enterprise server 15 SP4
2.70.5-150400.3.14.1
fixed
suse enterprise server 15 SP5
2.70.5-150400.3.14.1
fixed
suse enterprise server 15 SP6
2.78.6-150600.4.3.1
fixed
suse enterprise server 15 SP7
2.78.6-150600.4.3.1
fixed
libgthread-2_0-0
suse enterprise desktop 15 SP5
2.70.5-150400.3.14.1
fixed
suse enterprise desktop 15 SP6
2.78.6-150600.4.3.1
fixed
suse enterprise desktop 15 SP7
2.78.6-150600.4.3.1
fixed
suse enterprise sap 12 SP5
2.48.2-12.40.1
fixed
suse enterprise sap 15 SP5
2.70.5-150400.3.14.1
fixed
suse enterprise sap 15 SP6
2.78.6-150600.4.3.1
fixed
suse enterprise sap 15 SP7
2.78.6-150600.4.3.1
fixed
suse enterprise server 12 SP3
2.48.2-12.40.1
fixed
suse enterprise server 12 SP5
2.48.2-12.40.1
fixed
suse enterprise server 15 SP4
2.70.5-150400.3.14.1
fixed
suse enterprise server 15 SP5
2.70.5-150400.3.14.1
fixed
suse enterprise server 15 SP6
2.78.6-150600.4.3.1
fixed
suse enterprise server 15 SP7
2.78.6-150600.4.3.1
fixed
libgthread-2_0-0-32bit
suse enterprise sap 12 SP5
2.48.2-12.40.1
fixed
suse enterprise server 12 SP3
2.48.2-12.40.1
fixed
suse enterprise server 12 SP5
2.48.2-12.40.1
fixed
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
glib2
RHEL 8
0:2.56.4-166.el8_10
fixed
RHEL 8.2 AUS
0:2.56.4-8.el8_2.2
fixed
RHEL 8.4 AUS
0:2.56.4-10.el8_4.2
fixed
RHEL 8.6 AUS
0:2.56.4-158.el8_6.2
fixed
RHEL 8.6 E4S
0:2.56.4-158.el8_6.2
fixed
RHEL 8.6 TUS
0:2.56.4-158.el8_6.2
fixed
RHEL 8.8 E4S
0:2.56.4-162.el8_8
fixed
RHEL 8.8 TUS
0:2.56.4-162.el8_8
fixed
RHEL 9
0:2.68.4-14.el9_4.1
fixed
glib2-devel
RHEL 8
0:2.56.4-166.el8_10
fixed
RHEL 8.2 AUS
0:2.56.4-8.el8_2.2
fixed
RHEL 8.4 AUS
0:2.56.4-10.el8_4.2
fixed
RHEL 8.6 AUS
0:2.56.4-158.el8_6.2
fixed
RHEL 8.6 E4S
0:2.56.4-158.el8_6.2
fixed
RHEL 8.6 TUS
0:2.56.4-158.el8_6.2
fixed
RHEL 8.8 E4S
0:2.56.4-162.el8_8
fixed
RHEL 8.8 TUS
0:2.56.4-162.el8_8
fixed
RHEL 9
0:2.68.4-14.el9_4.1
fixed
glib2-doc
RHEL 8
0:2.56.4-166.el8_10
fixed
RHEL 9
0:2.68.4-14.el9_4.1
fixed
glib2-fam
RHEL 8
0:2.56.4-166.el8_10
fixed
RHEL 8.2 AUS
0:2.56.4-8.el8_2.2
fixed
RHEL 8.4 AUS
0:2.56.4-10.el8_4.2
fixed
RHEL 8.6 AUS
0:2.56.4-158.el8_6.2
fixed
RHEL 8.6 E4S
0:2.56.4-158.el8_6.2
fixed
RHEL 8.6 TUS
0:2.56.4-158.el8_6.2
fixed
RHEL 8.8 E4S
0:2.56.4-162.el8_8
fixed
RHEL 8.8 TUS
0:2.56.4-162.el8_8
fixed
glib2-static
RHEL 8
0:2.56.4-166.el8_10
fixed
RHEL 9
0:2.68.4-14.el9_4.1
fixed
glib2-tests
RHEL 8
0:2.56.4-166.el8_10
fixed
RHEL 8.2 AUS
0:2.56.4-8.el8_2.2
fixed
RHEL 8.4 AUS
0:2.56.4-10.el8_4.2
fixed
RHEL 8.6 AUS
0:2.56.4-158.el8_6.2
fixed
RHEL 8.6 E4S
0:2.56.4-158.el8_6.2
fixed
RHEL 8.6 TUS
0:2.56.4-158.el8_6.2
fixed
RHEL 8.8 E4S
0:2.56.4-162.el8_8
fixed
RHEL 8.8 TUS
0:2.56.4-162.el8_8
fixed
RHEL 9
0:2.68.4-14.el9_4.1
fixed
mingw32-glib2
RHEL 9
0:2.78.6-1.el9
fixed
mingw32-glib2-static
RHEL 9
0:2.78.6-1.el9
fixed
mingw64-glib2
RHEL 9
0:2.78.6-1.el9
fixed
mingw64-glib2-static
RHEL 9
0:2.78.6-1.el9
fixed
Common Weakness Enumeration
References
https://gitlab.gnome.org/GNOME/glib/-/issues/3268
https://lists.debian.org/debian-lts-announce/2024/05/msg00008.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IRSFYAE5X23TNRWX7ZWEJOMISLCDSYNS/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LCDY3KA7G7D3DRXYTT46K6LFHS2KHWBH/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LL6HSJDXCXMLEIJBYV6CPOR4K2NTCTXW/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UNFJHISR4O6VFOHBFWH5I5WWMG37H63A/
https://security.netapp.com/advisory/ntap-20240531-0008/
https://www.openwall.com/lists/oss-security/2024/05/07/5
https://gitlab.gnome.org/GNOME/glib/-/issues/3268
https://lists.debian.org/debian-lts-announce/2024/05/msg00008.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IRSFYAE5X23TNRWX7ZWEJOMISLCDSYNS/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LCDY3KA7G7D3DRXYTT46K6LFHS2KHWBH/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LL6HSJDXCXMLEIJBYV6CPOR4K2NTCTXW/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UNFJHISR4O6VFOHBFWH5I5WWMG37H63A/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IRSFYAE5X23TNRWX7ZWEJOMISLCDSYNS/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LCDY3KA7G7D3DRXYTT46K6LFHS2KHWBH/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LL6HSJDXCXMLEIJBYV6CPOR4K2NTCTXW/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UNFJHISR4O6VFOHBFWH5I5WWMG37H63A/
https://security.netapp.com/advisory/ntap-20240531-0008/
https://www.openwall.com/lists/oss-security/2024/05/07/5
https://cert-portal.siemens.com/productcert/html/ssa-082556.html
https://cert-portal.siemens.com/productcert/html/ssa-613116.html