CVE-2024-34397

An issue was discovered in GNOME GLib before 2.78.5, and 2.79.x and 2.80.x before 2.80.1. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the trusted system service. This could lead to the GDBus-based client behaving incorrectly, with an application-dependent impact.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.2 MEDIUM
PHYSICAL
LOW
NONE
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L
mitreCNA
---
---
CISA-ADPADP
5.2 MEDIUM
PHYSICAL
LOW
NONE
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 25%
VendorProductVersion
gnomeglib
𝑥
< 2.78.5
gnomeglib
2.79.0 ≤
𝑥
< 2.80.1
debiandebian_linux
10.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
glib2.0
bullseye
2.66.8-1+deb11u4
fixed
bullseye (security)
2.66.8-1+deb11u6
fixed
bookworm
2.74.6-2+deb12u6
fixed
bookworm (security)
2.74.6-2+deb12u2
fixed
trixie
2.84.3-1
fixed
sid
2.84.3-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
glib2.0
plucky
Fixed 2.80.1-1
released
oracular
Fixed 2.80.1-1
released
noble
Fixed 2.80.0-6ubuntu3.1
released
mantic
Fixed 2.78.0-2ubuntu0.1
released
jammy
Fixed 2.72.4-0ubuntu2.3
released
focal
Fixed 2.64.6-1~ubuntu20.04.7
released
bionic
needs-triage
xenial
needs-triage
trusty
needs-triage
Common Weakness Enumeration
References
https://gitlab.gnome.org/GNOME/glib/-/issues/3268
https://lists.debian.org/debian-lts-announce/2024/05/msg00008.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IRSFYAE5X23TNRWX7ZWEJOMISLCDSYNS/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LCDY3KA7G7D3DRXYTT46K6LFHS2KHWBH/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LL6HSJDXCXMLEIJBYV6CPOR4K2NTCTXW/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UNFJHISR4O6VFOHBFWH5I5WWMG37H63A/
https://security.netapp.com/advisory/ntap-20240531-0008/
https://www.openwall.com/lists/oss-security/2024/05/07/5
https://gitlab.gnome.org/GNOME/glib/-/issues/3268
https://lists.debian.org/debian-lts-announce/2024/05/msg00008.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IRSFYAE5X23TNRWX7ZWEJOMISLCDSYNS/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LCDY3KA7G7D3DRXYTT46K6LFHS2KHWBH/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LL6HSJDXCXMLEIJBYV6CPOR4K2NTCTXW/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UNFJHISR4O6VFOHBFWH5I5WWMG37H63A/
https://security.netapp.com/advisory/ntap-20240531-0008/
https://www.openwall.com/lists/oss-security/2024/05/07/5