CVE-2024-34397

An issue was discovered in GNOME GLib before 2.78.5, and 2.79.x and 2.80.x before 2.80.1. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the trusted system service. This could lead to the GDBus-based client behaving incorrectly, with an application-dependent impact.
References
Link Resource
https://gitlab.gnome.org/GNOME/glib/-/issues/3268 Exploit Issue Tracking Vendor Advisory
https://lists.debian.org/debian-lts-announce/2024/05/msg00008.html Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IRSFYAE5X23TNRWX7ZWEJOMISLCDSYNS/ Third Party Advisory Mailing List
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LCDY3KA7G7D3DRXYTT46K6LFHS2KHWBH/ Third Party Advisory Mailing List
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LL6HSJDXCXMLEIJBYV6CPOR4K2NTCTXW/ Third Party Advisory Mailing List
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UNFJHISR4O6VFOHBFWH5I5WWMG37H63A/ Third Party Advisory Mailing List
https://security.netapp.com/advisory/ntap-20240531-0008/ Third Party Advisory
https://www.openwall.com/lists/oss-security/2024/05/07/5 Mailing List
https://gitlab.gnome.org/GNOME/glib/-/issues/3268 Exploit Issue Tracking Vendor Advisory
https://lists.debian.org/debian-lts-announce/2024/05/msg00008.html Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IRSFYAE5X23TNRWX7ZWEJOMISLCDSYNS/ Third Party Advisory Mailing List
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LCDY3KA7G7D3DRXYTT46K6LFHS2KHWBH/ Third Party Advisory Mailing List
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LL6HSJDXCXMLEIJBYV6CPOR4K2NTCTXW/ Third Party Advisory Mailing List
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UNFJHISR4O6VFOHBFWH5I5WWMG37H63A/ Third Party Advisory Mailing List
https://security.netapp.com/advisory/ntap-20240531-0008/ Third Party Advisory
https://www.openwall.com/lists/oss-security/2024/05/07/5 Mailing List
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:gnome:glib:*:*:*:*:*:*:*:*
cpe:2.3:a:gnome:glib:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:*

Configuration 4 (hide)

cpe:2.3:a:netapp:ontap_tools:10:*:*:*:*:vmware_vsphere:*:*

History

18 Jun 2025, 14:36

Type Values Removed Values Added
References () https://gitlab.gnome.org/GNOME/glib/-/issues/3268 - () https://gitlab.gnome.org/GNOME/glib/-/issues/3268 - Exploit, Issue Tracking, Vendor Advisory
References () https://lists.debian.org/debian-lts-announce/2024/05/msg00008.html - () https://lists.debian.org/debian-lts-announce/2024/05/msg00008.html - Mailing List, Third Party Advisory
References () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IRSFYAE5X23TNRWX7ZWEJOMISLCDSYNS/ - () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IRSFYAE5X23TNRWX7ZWEJOMISLCDSYNS/ - Third Party Advisory, Mailing List
References () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LCDY3KA7G7D3DRXYTT46K6LFHS2KHWBH/ - () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LCDY3KA7G7D3DRXYTT46K6LFHS2KHWBH/ - Third Party Advisory, Mailing List
References () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LL6HSJDXCXMLEIJBYV6CPOR4K2NTCTXW/ - () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LL6HSJDXCXMLEIJBYV6CPOR4K2NTCTXW/ - Third Party Advisory, Mailing List
References () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UNFJHISR4O6VFOHBFWH5I5WWMG37H63A/ - () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UNFJHISR4O6VFOHBFWH5I5WWMG37H63A/ - Third Party Advisory, Mailing List
References () https://security.netapp.com/advisory/ntap-20240531-0008/ - () https://security.netapp.com/advisory/ntap-20240531-0008/ - Third Party Advisory
References () https://www.openwall.com/lists/oss-security/2024/05/07/5 - () https://www.openwall.com/lists/oss-security/2024/05/07/5 - Mailing List
First Time Gnome glib
Fedoraproject fedora
Netapp ontap Tools
Debian
Netapp
Debian debian Linux
Gnome
Fedoraproject
CPE cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:*
cpe:2.3:a:netapp:ontap_tools:10:*:*:*:*:vmware_vsphere:*:*
cpe:2.3:a:gnome:glib:*:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*

21 Nov 2024, 09:18

Type Values Removed Values Added
References () https://gitlab.gnome.org/GNOME/glib/-/issues/3268 - () https://gitlab.gnome.org/GNOME/glib/-/issues/3268 -
References () https://lists.debian.org/debian-lts-announce/2024/05/msg00008.html - () https://lists.debian.org/debian-lts-announce/2024/05/msg00008.html -
References () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IRSFYAE5X23TNRWX7ZWEJOMISLCDSYNS/ - () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IRSFYAE5X23TNRWX7ZWEJOMISLCDSYNS/ -
References () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LCDY3KA7G7D3DRXYTT46K6LFHS2KHWBH/ - () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LCDY3KA7G7D3DRXYTT46K6LFHS2KHWBH/ -
References () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LL6HSJDXCXMLEIJBYV6CPOR4K2NTCTXW/ - () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LL6HSJDXCXMLEIJBYV6CPOR4K2NTCTXW/ -
References () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UNFJHISR4O6VFOHBFWH5I5WWMG37H63A/ - () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UNFJHISR4O6VFOHBFWH5I5WWMG37H63A/ -
References () https://security.netapp.com/advisory/ntap-20240531-0008/ - () https://security.netapp.com/advisory/ntap-20240531-0008/ -
References () https://www.openwall.com/lists/oss-security/2024/05/07/5 - () https://www.openwall.com/lists/oss-security/2024/05/07/5 -

15 Nov 2024, 18:35

Type Values Removed Values Added
CWE CWE-290
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 5.2

10 Jun 2024, 18:15

Type Values Removed Values Added
References
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LCDY3KA7G7D3DRXYTT46K6LFHS2KHWBH/ -
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LL6HSJDXCXMLEIJBYV6CPOR4K2NTCTXW/ -

10 Jun 2024, 17:16

Type Values Removed Values Added
Summary
  • (es) Se descubrió un problema en GNOME GLib anterior a 2.78.5 y en 2.79.x y 2.80.x anterior a 2.80.1. Cuando un cliente basado en GDBus se suscribe a señales de un servicio de sistema confiable, como NetworkManager, en un ordenador compartido, otros usuarios del mismo ordenador pueden enviar señales D-Bus falsificadas que el cliente basado en GDBus interpretará erróneamente como enviadas por el mismo. servicio de sistema confiable. Esto podría provocar que el cliente basado en GDBus se comporte incorrectamente, con un impacto que depende de la aplicación.
References
  • () https://lists.debian.org/debian-lts-announce/2024/05/msg00008.html -
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IRSFYAE5X23TNRWX7ZWEJOMISLCDSYNS/ -
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UNFJHISR4O6VFOHBFWH5I5WWMG37H63A/ -
  • () https://security.netapp.com/advisory/ntap-20240531-0008/ -

07 May 2024, 18:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-05-07 18:15

Updated : 2025-06-18 14:36


NVD link : CVE-2024-34397

Mitre link : CVE-2024-34397

CVE.ORG link : CVE-2024-34397


JSON object : View

Products Affected

debian

  • debian_linux

gnome

  • glib

netapp

  • ontap_tools

fedoraproject

  • fedora
CWE
CWE-290

Authentication Bypass by Spoofing