{"id":"AZL-40400","summary":"CVE-2024-34397 affecting package glib for versions less than 2.78.6-1","details":"An issue was discovered in GNOME GLib before 2.78.5, and 2.79.x and 2.80.x before 2.80.1. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the trusted system service. This could lead to the GDBus-based client behaving incorrectly, with an application-dependent impact.","modified":"2026-04-01T05:14:01.439989Z","published":"2024-05-07T18:15:08Z","upstream":["CVE-2024-34397"],"references":[{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-34397"}],"affected":[{"package":{"name":"glib","ecosystem":"Azure Linux:3","purl":"pkg:rpm/azure-linux/glib"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.78.6-1"}]}],"database_specific":{"source":"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-40400.json"}}],"schema_version":"1.7.5"}