CVE-2024-34397 - Vulnerability Details

An issue was discovered in GNOME GLib before 2.78.5, and 2.79.x and 2.80.x before 2.80.1. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the trusted system service. This could lead to the GDBus-based client behaving incorrectly, with an application-dependent impact.

No CVSS v4.0

Attack Vector Physical

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Redhat	Enterprise Linux Service Interconnect

No data.

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 9
rhel9/toolbox:9.4-12.1725906880	cpe:/a:redhat:enterprise_linux:9	RHBA-2024:6585	2024-09-11T00:00:00Z
ubi9/toolbox:9.4-12.1725906880	cpe:/a:redhat:enterprise_linux:9	RHBA-2024:6585	2024-09-11T00:00:00Z
glib2-0:2.68.4-14.el9_4.1	cpe:/a:redhat:enterprise_linux:9	RHSA-2024:6464	2024-09-09T00:00:00Z
mingw-glib2-0:2.78.6-1.el9	cpe:/a:redhat:enterprise_linux:9::crb	RHSA-2024:9442	2024-11-12T00:00:00Z
glib2-0:2.68.4-14.el9_4.1	cpe:/o:redhat:enterprise_linux:9	RHSA-2024:6464	2024-09-09T00:00:00Z
Service Interconnect 1.4 for RHEL 9
service-interconnect/skupper-config-sync-rhel9:1.4.7-3	cpe:/a:redhat:service_interconnect:1.4::el9	RHSA-2024:10135	2024-11-21T00:00:00Z
service-interconnect/skupper-flow-collector-rhel9:1.4.7-3	cpe:/a:redhat:service_interconnect:1.4::el9	RHSA-2024:10135	2024-11-21T00:00:00Z
service-interconnect/skupper-operator-bundle:1.4.7-4	cpe:/a:redhat:service_interconnect:1.4::el9	RHSA-2024:10135	2024-11-21T00:00:00Z
service-interconnect/skupper-router-rhel9:2.4.3-7	cpe:/a:redhat:service_interconnect:1.4::el9	RHSA-2024:10135	2024-11-21T00:00:00Z
service-interconnect/skupper-service-controller-rhel9:1.4.7-3	cpe:/a:redhat:service_interconnect:1.4::el9	RHSA-2024:10135	2024-11-21T00:00:00Z
service-interconnect/skupper-site-controller-rhel9:1.4.7-3	cpe:/a:redhat:service_interconnect:1.4::el9	RHSA-2024:10135	2024-11-21T00:00:00Z
service-interconnect/skupper-config-sync-rhel9:1.4.7-2	cpe:/a:redhat:service_interconnect:1.4::el9	RHSA-2024:7213	2024-09-26T00:00:00Z
service-interconnect/skupper-flow-collector-rhel9:1.4.7-2	cpe:/a:redhat:service_interconnect:1.4::el9	RHSA-2024:7213	2024-09-26T00:00:00Z
service-interconnect/skupper-operator-bundle:1.4.7-2	cpe:/a:redhat:service_interconnect:1.4::el9	RHSA-2024:7213	2024-09-26T00:00:00Z
service-interconnect/skupper-router-rhel9:2.4.3-6	cpe:/a:redhat:service_interconnect:1.4::el9	RHSA-2024:7213	2024-09-26T00:00:00Z
service-interconnect/skupper-service-controller-rhel9:1.4.7-2	cpe:/a:redhat:service_interconnect:1.4::el9	RHSA-2024:7213	2024-09-26T00:00:00Z
service-interconnect/skupper-site-controller-rhel9:1.4.7-2	cpe:/a:redhat:service_interconnect:1.4::el9	RHSA-2024:7213	2024-09-26T00:00:00Z
Service Interconnect 1 for RHEL 9
service-interconnect/skupper-config-sync-rhel9:1.5.5-4	cpe:/a:redhat:service_interconnect:1::el9	RHSA-2024:11109	2024-12-16T00:00:00Z
service-interconnect/skupper-controller-podman-container-rhel9:1.5.5-4	cpe:/a:redhat:service_interconnect:1::el9	RHSA-2024:11109	2024-12-16T00:00:00Z
service-interconnect/skupper-controller-podman-rhel9:1.5.5-4	cpe:/a:redhat:service_interconnect:1::el9	RHSA-2024:11109	2024-12-16T00:00:00Z
service-interconnect/skupper-flow-collector-rhel9:1.5.5-4	cpe:/a:redhat:service_interconnect:1::el9	RHSA-2024:11109	2024-12-16T00:00:00Z
service-interconnect/skupper-operator-bundle:1.5.5-4	cpe:/a:redhat:service_interconnect:1::el9	RHSA-2024:11109	2024-12-16T00:00:00Z
service-interconnect/skupper-router-rhel9:2.5.3-6	cpe:/a:redhat:service_interconnect:1::el9	RHSA-2024:11109	2024-12-16T00:00:00Z
service-interconnect/skupper-service-controller-rhel9:1.5.5-4	cpe:/a:redhat:service_interconnect:1::el9	RHSA-2024:11109	2024-12-16T00:00:00Z
service-interconnect/skupper-site-controller-rhel9:1.5.5-4	cpe:/a:redhat:service_interconnect:1::el9	RHSA-2024:11109	2024-12-16T00:00:00Z
service-interconnect/skupper-config-sync-rhel9:1.5.5-3	cpe:/a:redhat:service_interconnect:1::el9	RHSA-2024:7374	2024-09-30T00:00:00Z
service-interconnect/skupper-controller-podman-container-rhel9:1.5.5-3	cpe:/a:redhat:service_interconnect:1::el9	RHSA-2024:7374	2024-09-30T00:00:00Z
service-interconnect/skupper-controller-podman-rhel9:1.5.5-3	cpe:/a:redhat:service_interconnect:1::el9	RHSA-2024:7374	2024-09-30T00:00:00Z
service-interconnect/skupper-flow-collector-rhel9:1.5.5-3	cpe:/a:redhat:service_interconnect:1::el9	RHSA-2024:7374	2024-09-30T00:00:00Z
service-interconnect/skupper-operator-bundle:1.5.5-3	cpe:/a:redhat:service_interconnect:1::el9	RHSA-2024:7374	2024-09-30T00:00:00Z
service-interconnect/skupper-router-rhel9:2.5.3-5	cpe:/a:redhat:service_interconnect:1::el9	RHSA-2024:7374	2024-09-30T00:00:00Z
service-interconnect/skupper-service-controller-rhel9:1.5.5-3	cpe:/a:redhat:service_interconnect:1::el9	RHSA-2024:7374	2024-09-30T00:00:00Z
service-interconnect/skupper-site-controller-rhel9:1.5.5-3	cpe:/a:redhat:service_interconnect:1::el9	RHSA-2024:7374	2024-09-30T00:00:00Z

References

Link	Providers
https://gitlab.gnome.org/GNOME/glib/-/issues/3268
https://lists.debian.org/debian-lts-announce/2024/05/msg00008.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IRSFYAE5X23TNRWX7ZWEJOMISLCDSYNS/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LCDY3KA7G7D3DRXYTT46K6LFHS2KHWBH/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LL6HSJDXCXMLEIJBYV6CPOR4K2NTCTXW/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UNFJHISR4O6VFOHBFWH5I5WWMG37H63A/
https://nvd.nist.gov/vuln/detail/CVE-2024-34397
https://security.netapp.com/advisory/ntap-20240531-0008/
https://www.cve.org/CVERecord?id=CVE-2024-34397
https://www.openwall.com/lists/oss-security/2024/05/07/5

History

Fri, 15 Nov 2024 18:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-290
Metrics	cvssV3_1 `{'score': 3.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N'}`	ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}` cvssV3_1 `{'score': 5.2, 'vector': 'CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L'}`

Wed, 13 Nov 2024 02:45:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:enterprise_linux:9::crb

Tue, 01 Oct 2024 02:30:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:service_interconnect:1::el9

Thu, 26 Sep 2024 23:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat service Interconnect
CPEs		cpe:/a:redhat:service_interconnect:1.4::el9
Vendors & Products		Redhat service Interconnect

Mon, 09 Sep 2024 10:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat Redhat enterprise Linux
CPEs		cpe:/a:redhat:enterprise_linux:9 cpe:/o:redhat:enterprise_linux:9
Vendors & Products		Redhat Redhat enterprise Linux

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2024-05-07T00:00:00

Updated: 2024-11-15T17:14:35.675Z

Reserved: 2024-05-02T00:00:00

Link: CVE-2024-34397

Vulnrichment

Updated: 2024-08-02T02:51:11.424Z

NVD

Status : Awaiting Analysis

Published: 2024-05-07T18:15:08.350

Modified: 2024-11-21T09:18:34.830

Link: CVE-2024-34397

Redhat

Severity : Moderate

Publid Date: 2024-05-07T00:00:00Z

Links: CVE-2024-34397 - Bugzilla

{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2024-34397", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-11-15T17:14:35.675Z", "dateReserved": "2024-05-02T00:00:00", "datePublished": "2024-05-07T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-06-10T18:08:40.913255"}, "descriptions": [{"lang": "en", "value": "An issue was discovered in GNOME GLib before 2.78.5, and 2.79.x and 2.80.x before 2.80.1. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the trusted system service. This could lead to the GDBus-based client behaving incorrectly, with an application-dependent impact."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://gitlab.gnome.org/GNOME/glib/-/issues/3268"}, {"url": "https://www.openwall.com/lists/oss-security/2024/05/07/5"}, {"name": "FEDORA-2024-be032e564d", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IRSFYAE5X23TNRWX7ZWEJOMISLCDSYNS/"}, {"name": "FEDORA-2024-2ce1c754f7", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UNFJHISR4O6VFOHBFWH5I5WWMG37H63A/"}, {"name": "[debian-lts-announce] 20240513 [SECURITY] [DLA 3814-1] glib2.0 security update", "tags": ["mailing-list"], "url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00008.html"}, {"url": "https://security.netapp.com/advisory/ntap-20240531-0008/"}, {"name": "FEDORA-2024-fd2569c4e9", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LL6HSJDXCXMLEIJBYV6CPOR4K2NTCTXW/"}, {"name": "FEDORA-2024-635a54eb7e", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LCDY3KA7G7D3DRXYTT46K6LFHS2KHWBH/"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-290", "lang": "en", "description": "CWE-290 Authentication Bypass by Spoofing"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.2, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-05-09T19:45:07.808061Z", "id": "CVE-2024-34397", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-15T17:14:35.675Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T02:51:11.424Z"}, "title": "CVE Program Container", "references": [{"url": "https://gitlab.gnome.org/GNOME/glib/-/issues/3268", "tags": ["x_transferred"]}, {"url": "https://www.openwall.com/lists/oss-security/2024/05/07/5", "tags": ["x_transferred"]}, {"name": "FEDORA-2024-be032e564d", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IRSFYAE5X23TNRWX7ZWEJOMISLCDSYNS/"}, {"name": "FEDORA-2024-2ce1c754f7", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UNFJHISR4O6VFOHBFWH5I5WWMG37H63A/"}, {"name": "[debian-lts-announce] 20240513 [SECURITY] [DLA 3814-1] glib2.0 security update", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00008.html"}, {"url": "https://security.netapp.com/advisory/ntap-20240531-0008/", "tags": ["x_transferred"]}, {"name": "FEDORA-2024-fd2569c4e9", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LL6HSJDXCXMLEIJBYV6CPOR4K2NTCTXW/"}, {"name": "FEDORA-2024-635a54eb7e", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LCDY3KA7G7D3DRXYTT46K6LFHS2KHWBH/"}]}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://gitlab.gnome.org/GNOME/glib/-/issues/3268", "tags": ["x_transferred"]}, {"url": "https://www.openwall.com/lists/oss-security/2024/05/07/5", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IRSFYAE5X23TNRWX7ZWEJOMISLCDSYNS/", "name": "FEDORA-2024-be032e564d", "tags": ["vendor-advisory", "x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UNFJHISR4O6VFOHBFWH5I5WWMG37H63A/", "name": "FEDORA-2024-2ce1c754f7", "tags": ["vendor-advisory", "x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00008.html", "name": "[debian-lts-announce] 20240513 [SECURITY] [DLA 3814-1] glib2.0 security update", "tags": ["mailing-list", "x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20240531-0008/", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LL6HSJDXCXMLEIJBYV6CPOR4K2NTCTXW/", "name": "FEDORA-2024-fd2569c4e9", "tags": ["vendor-advisory", "x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LCDY3KA7G7D3DRXYTT46K6LFHS2KHWBH/", "name": "FEDORA-2024-635a54eb7e", "tags": ["vendor-advisory", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T02:51:11.424Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.2, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-34397", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-09T19:45:07.808061Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-290", "description": "CWE-290 Authentication Bypass by Spoofing"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-23T19:01:24.273Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://gitlab.gnome.org/GNOME/glib/-/issues/3268"}, {"url": "https://www.openwall.com/lists/oss-security/2024/05/07/5"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IRSFYAE5X23TNRWX7ZWEJOMISLCDSYNS/", "name": "FEDORA-2024-be032e564d", "tags": ["vendor-advisory"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UNFJHISR4O6VFOHBFWH5I5WWMG37H63A/", "name": "FEDORA-2024-2ce1c754f7", "tags": ["vendor-advisory"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00008.html", "name": "[debian-lts-announce] 20240513 [SECURITY] [DLA 3814-1] glib2.0 security update", "tags": ["mailing-list"]}, {"url": "https://security.netapp.com/advisory/ntap-20240531-0008/"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LL6HSJDXCXMLEIJBYV6CPOR4K2NTCTXW/", "name": "FEDORA-2024-fd2569c4e9", "tags": ["vendor-advisory"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LCDY3KA7G7D3DRXYTT46K6LFHS2KHWBH/", "name": "FEDORA-2024-635a54eb7e", "tags": ["vendor-advisory"]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in GNOME GLib before 2.78.5, and 2.79.x and 2.80.x before 2.80.1. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the trusted system service. This could lead to the GDBus-based client behaving incorrectly, with an application-dependent impact."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-06-10T18:08:40.913255"}}}, "cveMetadata": {"cveId": "CVE-2024-34397", "state": "PUBLISHED", "dateUpdated": "2024-11-15T17:14:35.675Z", "dateReserved": "2024-05-02T00:00:00", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2024-05-07T00:00:00", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"descriptions": [{"lang": "en", "value": "An issue was discovered in GNOME GLib before 2.78.5, and 2.79.x and 2.80.x before 2.80.1. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the trusted system service. This could lead to the GDBus-based client behaving incorrectly, with an application-dependent impact."}, {"lang": "es", "value": "Se descubri\u00f3 un problema en GNOME GLib anterior a 2.78.5 y en 2.79.x y 2.80.x anterior a 2.80.1. Cuando un cliente basado en GDBus se suscribe a se\u00f1ales de un servicio de sistema confiable, como NetworkManager, en un ordenador compartido, otros usuarios del mismo ordenador pueden enviar se\u00f1ales D-Bus falsificadas que el cliente basado en GDBus interpretar\u00e1 err\u00f3neamente como enviadas por el mismo. servicio de sistema confiable. Esto podr\u00eda provocar que el cliente basado en GDBus se comporte incorrectamente, con un impacto que depende de la aplicaci\u00f3n."}], "id": "CVE-2024-34397", "lastModified": "2024-11-21T09:18:34.830", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "LOW", "baseScore": 5.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L", "version": "3.1"}, "exploitabilityScore": 0.9, "impactScore": 4.2, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-05-07T18:15:08.350", "references": [{"source": "cve@mitre.org", "url": "https://gitlab.gnome.org/GNOME/glib/-/issues/3268"}, {"source": "cve@mitre.org", "url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00008.html"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IRSFYAE5X23TNRWX7ZWEJOMISLCDSYNS/"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LCDY3KA7G7D3DRXYTT46K6LFHS2KHWBH/"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LL6HSJDXCXMLEIJBYV6CPOR4K2NTCTXW/"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UNFJHISR4O6VFOHBFWH5I5WWMG37H63A/"}, {"source": "cve@mitre.org", "url": "https://security.netapp.com/advisory/ntap-20240531-0008/"}, {"source": "cve@mitre.org", "url": "https://www.openwall.com/lists/oss-security/2024/05/07/5"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://gitlab.gnome.org/GNOME/glib/-/issues/3268"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00008.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IRSFYAE5X23TNRWX7ZWEJOMISLCDSYNS/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LCDY3KA7G7D3DRXYTT46K6LFHS2KHWBH/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LL6HSJDXCXMLEIJBYV6CPOR4K2NTCTXW/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UNFJHISR4O6VFOHBFWH5I5WWMG37H63A/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.netapp.com/advisory/ntap-20240531-0008/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.openwall.com/lists/oss-security/2024/05/07/5"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-290"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHBA-2024:6585", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "rhel9/toolbox:9.4-12.1725906880", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-09-11T00:00:00Z"}, {"advisory": "RHBA-2024:6585", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "ubi9/toolbox:9.4-12.1725906880", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-09-11T00:00:00Z"}, {"advisory": "RHSA-2024:6464", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "glib2-0:2.68.4-14.el9_4.1", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-09-09T00:00:00Z"}, {"advisory": "RHSA-2024:9442", "cpe": "cpe:/a:redhat:enterprise_linux:9::crb", "package": "mingw-glib2-0:2.78.6-1.el9", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-11-12T00:00:00Z"}, {"advisory": "RHSA-2024:6464", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "glib2-0:2.68.4-14.el9_4.1", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-09-09T00:00:00Z"}, {"advisory": "RHSA-2024:10135", "cpe": "cpe:/a:redhat:service_interconnect:1.4::el9", "package": "service-interconnect/skupper-config-sync-rhel9:1.4.7-3", "product_name": "Service Interconnect 1.4 for RHEL 9", "release_date": "2024-11-21T00:00:00Z"}, {"advisory": "RHSA-2024:10135", "cpe": "cpe:/a:redhat:service_interconnect:1.4::el9", "package": "service-interconnect/skupper-flow-collector-rhel9:1.4.7-3", "product_name": "Service Interconnect 1.4 for RHEL 9", "release_date": "2024-11-21T00:00:00Z"}, {"advisory": "RHSA-2024:10135", "cpe": "cpe:/a:redhat:service_interconnect:1.4::el9", "package": "service-interconnect/skupper-operator-bundle:1.4.7-4", "product_name": "Service Interconnect 1.4 for RHEL 9", "release_date": "2024-11-21T00:00:00Z"}, {"advisory": "RHSA-2024:10135", "cpe": "cpe:/a:redhat:service_interconnect:1.4::el9", "package": "service-interconnect/skupper-router-rhel9:2.4.3-7", "product_name": "Service Interconnect 1.4 for RHEL 9", "release_date": "2024-11-21T00:00:00Z"}, {"advisory": "RHSA-2024:10135", "cpe": "cpe:/a:redhat:service_interconnect:1.4::el9", "package": "service-interconnect/skupper-service-controller-rhel9:1.4.7-3", "product_name": "Service Interconnect 1.4 for RHEL 9", "release_date": "2024-11-21T00:00:00Z"}, {"advisory": "RHSA-2024:10135", "cpe": "cpe:/a:redhat:service_interconnect:1.4::el9", "package": "service-interconnect/skupper-site-controller-rhel9:1.4.7-3", "product_name": "Service Interconnect 1.4 for RHEL 9", "release_date": "2024-11-21T00:00:00Z"}, {"advisory": "RHSA-2024:7213", "cpe": "cpe:/a:redhat:service_interconnect:1.4::el9", "package": "service-interconnect/skupper-config-sync-rhel9:1.4.7-2", "product_name": "Service Interconnect 1.4 for RHEL 9", "release_date": "2024-09-26T00:00:00Z"}, {"advisory": "RHSA-2024:7213", "cpe": "cpe:/a:redhat:service_interconnect:1.4::el9", "package": "service-interconnect/skupper-flow-collector-rhel9:1.4.7-2", "product_name": "Service Interconnect 1.4 for RHEL 9", "release_date": "2024-09-26T00:00:00Z"}, {"advisory": "RHSA-2024:7213", "cpe": "cpe:/a:redhat:service_interconnect:1.4::el9", "package": "service-interconnect/skupper-operator-bundle:1.4.7-2", "product_name": "Service Interconnect 1.4 for RHEL 9", "release_date": "2024-09-26T00:00:00Z"}, {"advisory": "RHSA-2024:7213", "cpe": "cpe:/a:redhat:service_interconnect:1.4::el9", "package": "service-interconnect/skupper-router-rhel9:2.4.3-6", "product_name": "Service Interconnect 1.4 for RHEL 9", "release_date": "2024-09-26T00:00:00Z"}, {"advisory": "RHSA-2024:7213", "cpe": "cpe:/a:redhat:service_interconnect:1.4::el9", "package": "service-interconnect/skupper-service-controller-rhel9:1.4.7-2", "product_name": "Service Interconnect 1.4 for RHEL 9", "release_date": "2024-09-26T00:00:00Z"}, {"advisory": "RHSA-2024:7213", "cpe": "cpe:/a:redhat:service_interconnect:1.4::el9", "package": "service-interconnect/skupper-site-controller-rhel9:1.4.7-2", "product_name": "Service Interconnect 1.4 for RHEL 9", "release_date": "2024-09-26T00:00:00Z"}, {"advisory": "RHSA-2024:11109", "cpe": "cpe:/a:redhat:service_interconnect:1::el9", "package": "service-interconnect/skupper-config-sync-rhel9:1.5.5-4", "product_name": "Service Interconnect 1 for RHEL 9", "release_date": "2024-12-16T00:00:00Z"}, {"advisory": "RHSA-2024:11109", "cpe": "cpe:/a:redhat:service_interconnect:1::el9", "package": "service-interconnect/skupper-controller-podman-container-rhel9:1.5.5-4", "product_name": "Service Interconnect 1 for RHEL 9", "release_date": "2024-12-16T00:00:00Z"}, {"advisory": "RHSA-2024:11109", "cpe": "cpe:/a:redhat:service_interconnect:1::el9", "package": "service-interconnect/skupper-controller-podman-rhel9:1.5.5-4", "product_name": "Service Interconnect 1 for RHEL 9", "release_date": "2024-12-16T00:00:00Z"}, {"advisory": "RHSA-2024:11109", "cpe": "cpe:/a:redhat:service_interconnect:1::el9", "package": "service-interconnect/skupper-flow-collector-rhel9:1.5.5-4", "product_name": "Service Interconnect 1 for RHEL 9", "release_date": "2024-12-16T00:00:00Z"}, {"advisory": "RHSA-2024:11109", "cpe": "cpe:/a:redhat:service_interconnect:1::el9", "package": "service-interconnect/skupper-operator-bundle:1.5.5-4", "product_name": "Service Interconnect 1 for RHEL 9", "release_date": "2024-12-16T00:00:00Z"}, {"advisory": "RHSA-2024:11109", "cpe": "cpe:/a:redhat:service_interconnect:1::el9", "package": "service-interconnect/skupper-router-rhel9:2.5.3-6", "product_name": "Service Interconnect 1 for RHEL 9", "release_date": "2024-12-16T00:00:00Z"}, {"advisory": "RHSA-2024:11109", "cpe": "cpe:/a:redhat:service_interconnect:1::el9", "package": "service-interconnect/skupper-service-controller-rhel9:1.5.5-4", "product_name": "Service Interconnect 1 for RHEL 9", "release_date": "2024-12-16T00:00:00Z"}, {"advisory": "RHSA-2024:11109", "cpe": "cpe:/a:redhat:service_interconnect:1::el9", "package": "service-interconnect/skupper-site-controller-rhel9:1.5.5-4", "product_name": "Service Interconnect 1 for RHEL 9", "release_date": "2024-12-16T00:00:00Z"}, {"advisory": "RHSA-2024:7374", "cpe": "cpe:/a:redhat:service_interconnect:1::el9", "package": "service-interconnect/skupper-config-sync-rhel9:1.5.5-3", "product_name": "Service Interconnect 1 for RHEL 9", "release_date": "2024-09-30T00:00:00Z"}, {"advisory": "RHSA-2024:7374", "cpe": "cpe:/a:redhat:service_interconnect:1::el9", "package": "service-interconnect/skupper-controller-podman-container-rhel9:1.5.5-3", "product_name": "Service Interconnect 1 for RHEL 9", "release_date": "2024-09-30T00:00:00Z"}, {"advisory": "RHSA-2024:7374", "cpe": "cpe:/a:redhat:service_interconnect:1::el9", "package": "service-interconnect/skupper-controller-podman-rhel9:1.5.5-3", "product_name": "Service Interconnect 1 for RHEL 9", "release_date": "2024-09-30T00:00:00Z"}, {"advisory": "RHSA-2024:7374", "cpe": "cpe:/a:redhat:service_interconnect:1::el9", "package": "service-interconnect/skupper-flow-collector-rhel9:1.5.5-3", "product_name": "Service Interconnect 1 for RHEL 9", "release_date": "2024-09-30T00:00:00Z"}, {"advisory": "RHSA-2024:7374", "cpe": "cpe:/a:redhat:service_interconnect:1::el9", "package": "service-interconnect/skupper-operator-bundle:1.5.5-3", "product_name": "Service Interconnect 1 for RHEL 9", "release_date": "2024-09-30T00:00:00Z"}, {"advisory": "RHSA-2024:7374", "cpe": "cpe:/a:redhat:service_interconnect:1::el9", "package": "service-interconnect/skupper-router-rhel9:2.5.3-5", "product_name": "Service Interconnect 1 for RHEL 9", "release_date": "2024-09-30T00:00:00Z"}, {"advisory": "RHSA-2024:7374", "cpe": "cpe:/a:redhat:service_interconnect:1::el9", "package": "service-interconnect/skupper-service-controller-rhel9:1.5.5-3", "product_name": "Service Interconnect 1 for RHEL 9", "release_date": "2024-09-30T00:00:00Z"}, {"advisory": "RHSA-2024:7374", "cpe": "cpe:/a:redhat:service_interconnect:1::el9", "package": "service-interconnect/skupper-site-controller-rhel9:1.5.5-3", "product_name": "Service Interconnect 1 for RHEL 9", "release_date": "2024-09-30T00:00:00Z"}], "bugzilla": {"description": "glib2: Signal subscription vulnerabilities", "id": "2279632", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2279632"}, "csaw": false, "cvss3": {"cvss3_base_score": "3.8", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N", "status": "verified"}, "cwe": "CWE-940", "details": ["An issue was discovered in GNOME GLib before 2.78.5, and 2.79.x and 2.80.x before 2.80.1. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the trusted system service. This could lead to the GDBus-based client behaving incorrectly, with an application-dependent impact.", "A flaw was found in GNOME GLib. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the trusted system service. This issue could lead to the GDBus-based client behaving incorrectly with an application-dependent impact."], "name": "CVE-2024-34397", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "glib2", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "mingw-glib2", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "glib2", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "glib2", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "glib2", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "mingw-glib2", "product_name": "Red Hat Enterprise Linux 8"}], "public_date": "2024-05-07T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-34397\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-34397\nhttps://gitlab.gnome.org/GNOME/glib/-/issues/3268\nhttps://www.openwall.com/lists/oss-security/2024/05/07/5"], "threat_severity": "Moderate"}

Metrics

Attack Vector Physical

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact Low

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object