CVE-2014-9984 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Glibc

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-131 — Incorrect Calculation of Buffer Size9 documents8 sources

Severity

9.8CRITICALNVD

EPSS

0.5%

top 34.02%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

GNU Glibc Eglibc

Timeline

PublishedJun 12

Latest updateMay 2

Description

nscd in the GNU C Library (aka glibc or libc6) before version 2.20 does not correctly compute the size of an internal buffer when processing netgroup requests, possibly leading to an nscd daemon crash or code execution as the user running nscd.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages4 packages

▶Debiangnu/glibc< 2.19-14+3

▶Ubuntugnu/glibc< 2.23-0ubuntu11.3+esm6+1

▶Ubuntueglibc/eglibc< 2.19-0ubuntu6.15+esm3

▶NVDgnu/glibc2.19

Patches

Patch: sourceware.org ↗Patch: sourceware.org ↗

🔴Vulnerability Details

OSV

eglibc, glibc vulnerabilities↗2024-05-02

▶

GHSA

GHSA-qp88-3vr4-mjq3: nscd in the GNU C Library (aka glibc or libc6) before version 2↗2022-05-14

▶

CVEList

CVE-2014-9984: nscd in the GNU C Library (aka glibc or libc6) before version 2↗2017-06-12

▶

OSV

CVE-2014-9984: nscd in the GNU C Library (aka glibc or libc6) before version 2↗2017-06-12

▶

📋Vendor Advisories

Ubuntu

GNU C Library vulnerabilities↗2024-05-02

▶

Red Hat

glibc: nscd buffer manipulation vulnerability could lead to code execution or crash↗2017-06-12

▶

Debian

CVE-2014-9984: glibc - nscd in the GNU C Library (aka glibc or libc6) before version 2.20 does not corr...↗2014

▶

💬Community

Bugzilla

CVE-2014-9984 glibc: nscd buffer manipulation vulnerability could lead to code execution or crash↗2017-06-20

▶