5.2

CVE-2024-34397

Exploit

EPSS 0.1%
Veröffentlicht 07.05.2024 18:15:08
Zuletzt bearbeitet 18.06.2025 14:36:02
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

An issue was discovered in GNOME GLib before 2.78.5, and 2.79.x and 2.80.x before 2.80.1. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the trusted system service. This could lead to the GDBus-based client behaving incorrectly, with an application-dependent impact.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 11

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Gnome ≫ Glib Version < 2.78.5

Gnome ≫ Glib Version >= 2.79.0 < 2.80.1

Debian ≫ Debian Linux Version10.0

Fedoraproject ≫ Fedora Version39

Fedoraproject ≫ Fedora Version40

Netapp ≫ Ontap Tools Version10 SwPlatformvmware_vsphere

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.1%	0.282

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	5.2	0.9	4.2	CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L

CWE-290 Authentication Bypass by Spoofing

This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks.

https://gitlab.gnome.org/GNOME/glib/-/issues/3268

Vendor Advisory

Exploit

Issue Tracking

https://lists.debian.org/debian-lts-announce/2024/05/msg00008.html

Third Party Advisory

Mailing List

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IRSFYAE5X23TNRWX7ZWEJOMISLCDSYNS/

Third Party Advisory

Mailing List

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LCDY3KA7G7D3DRXYTT46K6LFHS2KHWBH/

Third Party Advisory

Mailing List

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LL6HSJDXCXMLEIJBYV6CPOR4K2NTCTXW/

Third Party Advisory

Mailing List

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UNFJHISR4O6VFOHBFWH5I5WWMG37H63A/

Third Party Advisory

Mailing List

https://security.netapp.com/advisory/ntap-20240531-0008/

Third Party Advisory

https://www.openwall.com/lists/oss-security/2024/05/07/5

Mailing List

https://nvd.nist.gov/vuln/detail/CVE-2024-34397

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-34397

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-34397

EUVD