Medium severity5.2NVD Advisory· Published May 7, 2024· Updated May 12, 2026
CVE-2024-34397
CVE-2024-34397
Description
An issue was discovered in GNOME GLib before 2.78.5, and 2.79.x and 2.80.x before 2.80.1. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the trusted system service. This could lead to the GDBus-based client behaving incorrectly, with an application-dependent impact.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
38cpe:2.3:a:gnome:glib:*:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:gnome:glib:*:*:*:*:*:*:*:*range: <2.78.5
- (no CPE)
- (no CPE)range: <2.78.5 || (>=2.79.0 <2.80.1)
- cpe:2.3:a:netapp:ontap_tools:10:*:*:*:*:vmware_vsphere:*:*
cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:*
- osv-coords31 versionspkg:rpm/almalinux/glib2pkg:rpm/almalinux/glib2-develpkg:rpm/almalinux/glib2-docpkg:rpm/almalinux/glib2-fampkg:rpm/almalinux/glib2-staticpkg:rpm/almalinux/glib2-testspkg:rpm/almalinux/mingw32-glib2pkg:rpm/almalinux/mingw32-glib2-staticpkg:rpm/almalinux/mingw64-glib2pkg:rpm/almalinux/mingw64-glib2-staticpkg:rpm/opensuse/glib2-branding-SLE&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/glib2&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/glib2&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/glib2&distro=openSUSE%20Leap%20Micro%205.3pkg:rpm/opensuse/glib2&distro=openSUSE%20Leap%20Micro%205.4pkg:rpm/opensuse/glib2&distro=openSUSE%20Leap%20Micro%205.5pkg:rpm/opensuse/glib2-doc&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/glib2-doc&distro=openSUSE%20Leap%2015.6pkg:rpm/suse/glib2-branding-SLE&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP6pkg:rpm/suse/glib2&distro=SUSE%20Linux%20Enterprise%20Micro%205.1pkg:rpm/suse/glib2&distro=SUSE%20Linux%20Enterprise%20Micro%205.2pkg:rpm/suse/glib2&distro=SUSE%20Linux%20Enterprise%20Micro%205.3pkg:rpm/suse/glib2&distro=SUSE%20Linux%20Enterprise%20Micro%205.4pkg:rpm/suse/glib2&distro=SUSE%20Linux%20Enterprise%20Micro%205.5pkg:rpm/suse/glib2&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP5pkg:rpm/suse/glib2&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP6pkg:rpm/suse/glib2&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/glib2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/glib2&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5pkg:rpm/suse/glib2&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP5pkg:rpm/suse/glib2&distro=SUSE%20Linux%20Micro%206.0
< 2.68.4-14.el9_4.1+ 30 more
- (no CPE)range: < 2.68.4-14.el9_4.1
- (no CPE)range: < 2.68.4-14.el9_4.1
- (no CPE)range: < 2.68.4-14.el9_4.1
- (no CPE)range: < 2.56.4-166.el8_10
- (no CPE)range: < 2.68.4-14.el9_4.1
- (no CPE)range: < 2.68.4-14.el9_4.1
- (no CPE)range: < 2.78.6-1.el9
- (no CPE)range: < 2.78.6-1.el9
- (no CPE)range: < 2.78.6-1.el9
- (no CPE)range: < 2.78.6-1.el9
- (no CPE)range: < 15-150600.35.2.1
- (no CPE)range: < 2.70.5-150400.3.11.1
- (no CPE)range: < 2.78.6-150600.4.3.1
- (no CPE)range: < 2.70.5-150400.3.11.1
- (no CPE)range: < 2.70.5-150400.3.11.1
- (no CPE)range: < 2.70.5-150400.3.14.1
- (no CPE)range: < 2.70.5-150400.3.11.1
- (no CPE)range: < 2.78.6-150600.4.3.1
- (no CPE)range: < 15-150600.35.2.1
- (no CPE)range: < 2.62.6-150200.3.18.1
- (no CPE)range: < 2.62.6-150200.3.18.1
- (no CPE)range: < 2.70.5-150400.3.11.1
- (no CPE)range: < 2.70.5-150400.3.11.1
- (no CPE)range: < 2.70.5-150400.3.11.1
- (no CPE)range: < 2.70.5-150400.3.11.1
- (no CPE)range: < 2.78.6-150600.4.3.1
- (no CPE)range: < 2.48.2-12.37.1
- (no CPE)range: < 2.48.2-12.37.1
- (no CPE)range: < 2.48.2-12.37.1
- (no CPE)range: < 2.48.2-12.37.1
- (no CPE)range: < 2.76.2-5.1
Patches
Vulnerability mechanics
References
14- gitlab.gnome.org/GNOME/glib/-/issues/3268nvdExploitIssue TrackingVendor Advisory
- lists.debian.org/debian-lts-announce/2024/05/msg00008.htmlnvdMailing ListThird Party Advisory
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IRSFYAE5X23TNRWX7ZWEJOMISLCDSYNS/nvdMailing ListThird Party Advisory
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LCDY3KA7G7D3DRXYTT46K6LFHS2KHWBH/nvdMailing ListThird Party Advisory
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LL6HSJDXCXMLEIJBYV6CPOR4K2NTCTXW/nvdMailing ListThird Party Advisory
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UNFJHISR4O6VFOHBFWH5I5WWMG37H63A/nvdMailing ListThird Party Advisory
- security.netapp.com/advisory/ntap-20240531-0008/nvdThird Party Advisory
- www.openwall.com/lists/oss-security/2024/05/07/5nvdMailing List
- cert-portal.siemens.com/productcert/html/ssa-082556.htmlnvd
- cert-portal.siemens.com/productcert/html/ssa-613116.htmlnvd
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IRSFYAE5X23TNRWX7ZWEJOMISLCDSYNS/nvd
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LCDY3KA7G7D3DRXYTT46K6LFHS2KHWBH/nvd
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LL6HSJDXCXMLEIJBYV6CPOR4K2NTCTXW/nvd
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UNFJHISR4O6VFOHBFWH5I5WWMG37H63A/nvd
News mentions
0No linked articles in our index yet.