Spoofing issue in GNOME GLib affecting trusted system services
CVE-2024-34397

Currently unrated

Key Information:

Vendor: GNOME
Status: GLib
Vendor: CVE Published:; 7 May 2024

Summary

A vulnerability exists in GNOME GLib where a GDBus client can misinterpret spoofed D-Bus signals sent by other users on a shared system. This occurs when the client subscribes to signals from trusted services, such as NetworkManager. Due to this flaw, unauthorized users can send misleading signals, causing the GDBus client to execute unintended actions, leading to unpredictable application behavior.

References

https://gitlab.gnome.org/GNOME/glib/-/issues/3268

https://www.openwall.com/lists/oss-security/2024/05/07/5

Timeline

Vulnerability published
May 7, 2024
Vulnerability Reserved
May 2, 2024