THREATINT

We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Zendesk (Helpdesk and Chat)

Ok

PUBLISHED

CVE-2024-34397

Reserved:2024-05-02
Published:2024-05-07
Updated:2024-06-10

Description

An issue was discovered in GNOME GLib before 2.78.5, and 2.79.x and 2.80.x before 2.80.1. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the trusted system service. This could lead to the GDBus-based client behaving incorrectly, with an application-dependent impact.

References

https://gitlab.gnome.org/GNOME/glib/-/issues/3268

https://www.openwall.com/lists/oss-security/2024/05/07/5

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IRSFYAE5X23TNRWX7ZWEJOMISLCDSYNS/ (FEDORA-2024-be032e564d) vendor-advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UNFJHISR4O6VFOHBFWH5I5WWMG37H63A/ (FEDORA-2024-2ce1c754f7) vendor-advisory

https://lists.debian.org/debian-lts-announce/2024/05/msg00008.html ([debian-lts-announce] 20240513 [SECURITY] [DLA 3814-1] glib2.0 security update) mailing-list

https://security.netapp.com/advisory/ntap-20240531-0008/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LL6HSJDXCXMLEIJBYV6CPOR4K2NTCTXW/ (FEDORA-2024-fd2569c4e9) vendor-advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LCDY3KA7G7D3DRXYTT46K6LFHS2KHWBH/ (FEDORA-2024-635a54eb7e) vendor-advisory

cve.org CVE-2024-34397

nvd.nist.gov CVE-2024-34397

Download JSON

Share this page
https://cve.threatint.com/CVE/CVE-2024-34397