CVE-2024-34397

🔶 medium

Summary

An issue was discovered in GNOME GLib before 2.78.5, and 2.79.x and 2.80.x before 2.80.1. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the trusted system service. This could lead to the GDBus-based client behaving incorrectly, with an application-dependent impact.

CVSS Score

5.2

Medium

EPSS Score

0.2

Exploit Probability

Published Date

2024-05-07

First Seen: 2026-01-05

Last Modified 2025-11-04

Source NVD 🔗

CVSS Vector 3.1 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L

CWE IDs (Weakness Types)

CWE-290

🔗 References 20

https://gitlab.gnome.org/GNOME/glib/-/issues/3268

Exploit Issue Tracking Vendor Advisory

https://lists.debian.org/debian-lts-announce/2024/05...

Mailing List Third Party Advisory

https://lists.fedoraproject.org/archives/list/packag...

Mailing List Third Party Advisory

https://lists.fedoraproject.org/archives/list/packag...

Mailing List Third Party Advisory

https://lists.fedoraproject.org/archives/list/packag...

Mailing List Third Party Advisory

https://lists.fedoraproject.org/archives/list/packag...

Mailing List Third Party Advisory

https://security.netapp.com/advisory/ntap-20240531-0...

Third Party Advisory

https://www.openwall.com/lists/oss-security/2024/05/...

Mailing List

https://gitlab.gnome.org/GNOME/glib/-/issues/3268

Exploit Issue Tracking Vendor Advisory

https://lists.debian.org/debian-lts-announce/2024/05...

Mailing List Third Party Advisory

https://lists.fedoraproject.org/archives/list/packag...

Mailing List Third Party Advisory

https://lists.fedoraproject.org/archives/list/packag...

Mailing List Third Party Advisory

https://lists.fedoraproject.org/archives/list/packag...

Mailing List Third Party Advisory

https://lists.fedoraproject.org/archives/list/packag...

Mailing List Third Party Advisory

https://lists.fedoraproject.org/archives/list/packag...

https://security.netapp.com/advisory/ntap-20240531-0...

Third Party Advisory

https://www.openwall.com/lists/oss-security/2024/05/...

Mailing List

📦 Affected Products 6

Vendor	Product	Status	Affected Versions
debian	debian_linux	Affected	v10.0
fedoraproject	fedora	Affected	v39
fedoraproject	fedora	Affected	v40
gnome	glib	Affected	< 2.78.5
gnome	glib	Affected	≥ 2.79.0 < 2.80.1
netapp	ontap_tools	Affected	v10

🔗 Related CVEs 6

CVE ID	Severity	CVSS	EPSS	Summary	Published
CVE-2025-68670	⛔ critical	9.1	0.3	xrdp is an open source RDP server. xrdp before v0.10.5 contains an unauthenticated stack-based buffer overflow vulnerabi...	2026-01-27
CVE-2026-24061	⛔ critical	9.8	29.6	telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for the USER environment ...	2026-01-21
CVE-2025-14512	🔶 medium	6.5	0.1	A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer ov...	2025-12-11
CVE-2025-14087	🔶 medium	5.6	0.3	A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a...	2025-12-10
CVE-2025-6966	🔶 medium	5.5	0.0	NULL pointer dereference in TagSection.keys() in python-apt on APT-based Linux systems allows a local attacker to cause ...	2025-12-05
CVE-2025-13601	⚠️ high	7.7	0.0	A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_u...	2025-11-26

These CVEs affect the same products