Lucene search

K
debiancveDebian Security Bug TrackerDEBIANCVE:CVE-2024-34397
HistoryMay 07, 2024 - 6:15 p.m.

CVE-2024-34397

2024-05-0718:15:08
Debian Security Bug Tracker
security-tracker.debian.org
17
cve-2024-34397
gdbus
networkmanager
spoofed signals
system service
shared computer
security vulnerability

CVSS3

5.2

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L

AI Score

6.6

Confidence

Low

EPSS

0

Percentile

13.0%

An issue was discovered in GNOME GLib before 2.78.5, and 2.79.x and 2.80.x before 2.80.1. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the trusted system service. This could lead to the GDBus-based client behaving incorrectly, with an application-dependent impact.

CVSS3

5.2

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L

AI Score

6.6

Confidence

Low

EPSS

0

Percentile

13.0%