Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2024-34397

Опубликовано: 07 мая 2024
Источник: nvd
CVSS3: 5.2
EPSS Низкий

Описание

An issue was discovered in GNOME GLib before 2.78.5, and 2.79.x and 2.80.x before 2.80.1. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the trusted system service. This could lead to the GDBus-based client behaving incorrectly, with an application-dependent impact.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:gnome:glib:*:*:*:*:*:*:*:*
Версия до 2.78.5 (исключая)
cpe:2.3:a:gnome:glib:*:*:*:*:*:*:*:*
Версия от 2.79.0 (включая) до 2.80.1 (исключая)
Конфигурация 2
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
Конфигурация 3

Одно из

cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:*
Конфигурация 4
cpe:2.3:a:netapp:ontap_tools:10:*:*:*:*:vmware_vsphere:*:*

EPSS

Процентиль: 25%
0.00083
Низкий

5.2 Medium

CVSS3

Дефекты

CWE-290

Связанные уязвимости

ubuntu логотип

CVE-2024-34397

CVSS3: 5.2
ubuntu
больше 1 года назад

An issue was discovered in GNOME GLib before 2.78.5, and 2.79.x and 2.80.x before 2.80.1. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the trusted system service. This could lead to the GDBus-based client behaving incorrectly, with an application-dependent impact.

redhat логотип

CVE-2024-34397

CVSS3: 3.8
redhat
больше 1 года назад

An issue was discovered in GNOME GLib before 2.78.5, and 2.79.x and 2.80.x before 2.80.1. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the trusted system service. This could lead to the GDBus-based client behaving incorrectly, with an application-dependent impact.

msrc логотип

CVE-2024-34397

CVSS3: 5.2
msrc
5 месяцев назад

Описание отсутствует

debian логотип

CVE-2024-34397

CVSS3: 5.2
debian
больше 1 года назад

An issue was discovered in GNOME GLib before 2.78.5, and 2.79.x and 2. ...

suse-cvrf логотип

SUSE-SU-2024:3208-1

suse-cvrf
11 месяцев назад

Security update for glib2

EPSS

Процентиль: 25%
0.00083
Низкий

5.2 Medium

CVSS3

Дефекты

CWE-290