An issue was discovered in GNOME GLib before 2.78.5, and...
Moderate severity
Unreviewed
Published
May 7, 2024
to the GitHub Advisory Database
•
Updated Nov 15, 2024
Description
Published by the National Vulnerability Database
May 7, 2024
Published to the GitHub Advisory Database
May 7, 2024
Last updated
Nov 15, 2024
An issue was discovered in GNOME GLib before 2.78.5, and 2.79.x and 2.80.x before 2.80.1. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the trusted system service. This could lead to the GDBus-based client behaving incorrectly, with an application-dependent impact.
References