Spoofing issue in GNOME GLib affecting trusted system services
CVE-2024-34397

5.2 MEDIUM

Key Information:

Vendor: GNOME

CVE Published: 7 May 2024

What is CVE-2024-34397?

A vulnerability exists in GNOME GLib where a GDBus client can misinterpret spoofed D-Bus signals sent by other users on a shared system. This occurs when the client subscribes to signals from trusted services, such as NetworkManager. Due to this flaw, unauthorized users can send misleading signals, causing the GDBus client to execute unintended actions, leading to unpredictable application behavior.

CVSS V3.1

Score: 5.2
Severity: MEDIUM
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Physical
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
