CVE-2024-34397 - Vulnerability Details

An issue was discovered in GNOME GLib before 2.78.5, and 2.79.x and 2.80.x before 2.80.1. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the trusted system service. This could lead to the GDBus-based client behaving incorrectly, with an application-dependent impact.

No CVSS v4.0

Attack Vector Physical

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.0019.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Debian Subscribe	Debian Linux Subscribe
Fedoraproject Subscribe	Fedora Subscribe
Gnome Subscribe	Glib Subscribe
Netapp Subscribe	Ontap Tools Subscribe
Redhat Subscribe	Enterprise Linux Subscribe Service Interconnect Subscribe

Configuration 1 [-]

OR	cpe:2.3:a:gnome:glib::::::::
	cpe:2.3:a:gnome:glib::::::::

Configuration 2 [-]

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

Configuration 3 [-]

OR	cpe:2.3:o:fedoraproject:fedora:39:::::::*
	cpe:2.3:o:fedoraproject:fedora:40:::::::*

Configuration 4 [-]

cpe:2.3:a:netapp:ontap_tools:10:*:*:*:*:vmware_vsphere:*:*

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 9
rhel9/toolbox:9.4-12.1725906880	cpe:/a:redhat:enterprise_linux:9	RHBA-2024:6585	2024-09-11T00:00:00Z
ubi9/toolbox:9.4-12.1725906880	cpe:/a:redhat:enterprise_linux:9	RHBA-2024:6585	2024-09-11T00:00:00Z
glib2-0:2.68.4-14.el9_4.1	cpe:/a:redhat:enterprise_linux:9	RHSA-2024:6464	2024-09-09T00:00:00Z
mingw-glib2-0:2.78.6-1.el9	cpe:/a:redhat:enterprise_linux:9::crb	RHSA-2024:9442	2024-11-12T00:00:00Z
glib2-0:2.68.4-14.el9_4.1	cpe:/o:redhat:enterprise_linux:9	RHSA-2024:6464	2024-09-09T00:00:00Z
Service Interconnect 1.4 for RHEL 9
service-interconnect/skupper-config-sync-rhel9:1.4.7-3	cpe:/a:redhat:service_interconnect:1.4::el9	RHSA-2024:10135	2024-11-21T00:00:00Z
service-interconnect/skupper-flow-collector-rhel9:1.4.7-3	cpe:/a:redhat:service_interconnect:1.4::el9	RHSA-2024:10135	2024-11-21T00:00:00Z
service-interconnect/skupper-operator-bundle:1.4.7-4	cpe:/a:redhat:service_interconnect:1.4::el9	RHSA-2024:10135	2024-11-21T00:00:00Z
service-interconnect/skupper-router-rhel9:2.4.3-7	cpe:/a:redhat:service_interconnect:1.4::el9	RHSA-2024:10135	2024-11-21T00:00:00Z
service-interconnect/skupper-service-controller-rhel9:1.4.7-3	cpe:/a:redhat:service_interconnect:1.4::el9	RHSA-2024:10135	2024-11-21T00:00:00Z
service-interconnect/skupper-site-controller-rhel9:1.4.7-3	cpe:/a:redhat:service_interconnect:1.4::el9	RHSA-2024:10135	2024-11-21T00:00:00Z
service-interconnect/skupper-config-sync-rhel9:1.4.7-2	cpe:/a:redhat:service_interconnect:1.4::el9	RHSA-2024:7213	2024-09-26T00:00:00Z
service-interconnect/skupper-flow-collector-rhel9:1.4.7-2	cpe:/a:redhat:service_interconnect:1.4::el9	RHSA-2024:7213	2024-09-26T00:00:00Z
service-interconnect/skupper-operator-bundle:1.4.7-2	cpe:/a:redhat:service_interconnect:1.4::el9	RHSA-2024:7213	2024-09-26T00:00:00Z
service-interconnect/skupper-router-rhel9:2.4.3-6	cpe:/a:redhat:service_interconnect:1.4::el9	RHSA-2024:7213	2024-09-26T00:00:00Z
service-interconnect/skupper-service-controller-rhel9:1.4.7-2	cpe:/a:redhat:service_interconnect:1.4::el9	RHSA-2024:7213	2024-09-26T00:00:00Z
service-interconnect/skupper-site-controller-rhel9:1.4.7-2	cpe:/a:redhat:service_interconnect:1.4::el9	RHSA-2024:7213	2024-09-26T00:00:00Z
Service Interconnect 1 for RHEL 9
service-interconnect/skupper-config-sync-rhel9:1.5.5-4	cpe:/a:redhat:service_interconnect:1::el9	RHSA-2024:11109	2024-12-16T00:00:00Z
service-interconnect/skupper-controller-podman-container-rhel9:1.5.5-4	cpe:/a:redhat:service_interconnect:1::el9	RHSA-2024:11109	2024-12-16T00:00:00Z
service-interconnect/skupper-controller-podman-rhel9:1.5.5-4	cpe:/a:redhat:service_interconnect:1::el9	RHSA-2024:11109	2024-12-16T00:00:00Z
service-interconnect/skupper-flow-collector-rhel9:1.5.5-4	cpe:/a:redhat:service_interconnect:1::el9	RHSA-2024:11109	2024-12-16T00:00:00Z
service-interconnect/skupper-operator-bundle:1.5.5-4	cpe:/a:redhat:service_interconnect:1::el9	RHSA-2024:11109	2024-12-16T00:00:00Z
service-interconnect/skupper-router-rhel9:2.5.3-6	cpe:/a:redhat:service_interconnect:1::el9	RHSA-2024:11109	2024-12-16T00:00:00Z
service-interconnect/skupper-service-controller-rhel9:1.5.5-4	cpe:/a:redhat:service_interconnect:1::el9	RHSA-2024:11109	2024-12-16T00:00:00Z
service-interconnect/skupper-site-controller-rhel9:1.5.5-4	cpe:/a:redhat:service_interconnect:1::el9	RHSA-2024:11109	2024-12-16T00:00:00Z
service-interconnect/skupper-config-sync-rhel9:1.5.5-3	cpe:/a:redhat:service_interconnect:1::el9	RHSA-2024:7374	2024-09-30T00:00:00Z
service-interconnect/skupper-controller-podman-container-rhel9:1.5.5-3	cpe:/a:redhat:service_interconnect:1::el9	RHSA-2024:7374	2024-09-30T00:00:00Z
service-interconnect/skupper-controller-podman-rhel9:1.5.5-3	cpe:/a:redhat:service_interconnect:1::el9	RHSA-2024:7374	2024-09-30T00:00:00Z
service-interconnect/skupper-flow-collector-rhel9:1.5.5-3	cpe:/a:redhat:service_interconnect:1::el9	RHSA-2024:7374	2024-09-30T00:00:00Z
service-interconnect/skupper-operator-bundle:1.5.5-3	cpe:/a:redhat:service_interconnect:1::el9	RHSA-2024:7374	2024-09-30T00:00:00Z
service-interconnect/skupper-router-rhel9:2.5.3-5	cpe:/a:redhat:service_interconnect:1::el9	RHSA-2024:7374	2024-09-30T00:00:00Z
service-interconnect/skupper-service-controller-rhel9:1.5.5-3	cpe:/a:redhat:service_interconnect:1::el9	RHSA-2024:7374	2024-09-30T00:00:00Z
service-interconnect/skupper-site-controller-rhel9:1.5.5-3	cpe:/a:redhat:service_interconnect:1::el9	RHSA-2024:7374	2024-09-30T00:00:00Z

No data.

Advisories

Source	ID	Title
Debian DLA	DLA-3814-1	glib2.0 security update
Debian DSA	DSA-5682-1	glib2.0 security update
Ubuntu USN	USN-6768-1	GLib vulnerability

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://gitlab.gnome.org/GNOME/glib/-/issues/3268
https://lists.debian.org/debian-lts-announce/2024/05/msg00008.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IRSFYAE5X23TNRWX7ZWEJOMISLCDSYNS/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LCDY3KA7G7D3DRXYTT46K6LFHS2KHWBH/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LL6HSJDXCXMLEIJBYV6CPOR4K2NTCTXW/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UNFJHISR4O6VFOHBFWH5I5WWMG37H63A/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IRSFYAE5X23TNRWX7ZWEJOMISLCDSYNS/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LCDY3KA7G7D3DRXYTT46K6LFHS2KHWBH/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LL6HSJDXCXMLEIJBYV6CPOR4K2NTCTXW/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UNFJHISR4O6VFOHBFWH5I5WWMG37H63A/
https://nvd.nist.gov/vuln/detail/CVE-2024-34397
https://security.netapp.com/advisory/ntap-20240531-0008/
https://www.cve.org/CVERecord?id=CVE-2024-34397
https://www.openwall.com/lists/oss-security/2024/05/07/5

History

Wed, 05 Nov 2025 07:30:00 +0900

Type	Values Removed	Values Added
References		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LL6HSJDXCXMLEIJBYV6CPOR4K2NTCTXW/

Wed, 05 Nov 2025 03:30:00 +0900

Type	Values Removed	Values Added
References		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IRSFYAE5X23TNRWX7ZWEJOMISLCDSYNS/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LCDY3KA7G7D3DRXYTT46K6LFHS2KHWBH/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UNFJHISR4O6VFOHBFWH5I5WWMG37H63A/

Thu, 19 Jun 2025 00:00:00 +0900

Type	Values Removed	Values Added
First Time appeared		Debian Debian debian Linux Fedoraproject Fedoraproject fedora Gnome Gnome glib Netapp Netapp ontap Tools
CPEs		cpe:2.3:a:gnome:glib:::::::: cpe:2.3:a:netapp:ontap_tools:10:::::vmware_vsphere:: cpe:2.3:o:debian:debian_linux:10.0:::::::* cpe:2.3:o:fedoraproject:fedora:39:::::::* cpe:2.3:o:fedoraproject:fedora:40:::::::*
Vendors & Products		Debian Debian debian Linux Fedoraproject Fedoraproject fedora Gnome Gnome glib Netapp Netapp ontap Tools

Sat, 16 Nov 2024 03:15:00 +0900

Type	Values Removed	Values Added
Weaknesses		CWE-290
Metrics	cvssV3_1 `{'score': 3.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N'}`	ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}` cvssV3_1 `{'score': 5.2, 'vector': 'CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L'}`

Wed, 13 Nov 2024 11:45:00 +0900

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:enterprise_linux:9::crb

Tue, 01 Oct 2024 11:30:00 +0900

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:service_interconnect:1::el9

Fri, 27 Sep 2024 08:00:00 +0900

Type	Values Removed	Values Added
First Time appeared		Redhat service Interconnect
CPEs		cpe:/a:redhat:service_interconnect:1.4::el9
Vendors & Products		Redhat service Interconnect

Mon, 09 Sep 2024 19:45:00 +0900

Type	Values Removed	Values Added
First Time appeared		Redhat Redhat enterprise Linux
CPEs		cpe:/a:redhat:enterprise_linux:9 cpe:/o:redhat:enterprise_linux:9
Vendors & Products		Redhat Redhat enterprise Linux

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2024-05-07T00:00:00.000Z

Updated: 2025-11-04T22:06:15.286Z

Reserved: 2024-05-02T00:00:00.000Z

Link: CVE-2024-34397

Vulnrichment

Updated: 2025-11-04T22:06:15.286Z

NVD

Status : Modified

Published: 2024-05-07T18:15:08.350

Modified: 2025-11-04T22:16:01.240

Link: CVE-2024-34397

Redhat

Severity : Moderate

Publid Date: 2024-05-07T00:00:00Z

Links: CVE-2024-34397 - Bugzilla

OpenCVE Enrichment

No data.

Weaknesses

Metrics

Attack Vector Physical

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact Low

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

Projects

JSON object

JSON object

JSON object

JSON object

JSON object