CVE-2021-27645: The nameserver caching daemon (nscd) in the GNU C Library (aka glibc or libc6) 2.29 through 2.33, when processing a request for netgroup lookup, may crash due…

low2.5CVSS 3.1

AVLACHPRLUINSUCNINAL

The nameserver caching daemon (nscd) in the GNU C Library (aka glibc or libc6) 2.29 through 2.33, when processing a request for netgroup lookup, may crash due to a double-free, potentially resulting in degraded service or Denial of Service on the local system. This is related to netgroupcache.c.

Affected

12 ranges

Vendor	Product	Version range	Fixed in
debian	debian_linux	—	—
debian	glibc	< glibc 2.31-10 (bookworm)	glibc 2.31-10 (bookworm)
fedoraproject	fedora	—	—
fedoraproject	fedora	—	—
gnu	glibc	>= 0 < 2.31-10	2.31-10
gnu	glibc	>= 0 < 2.31-10	2.31-10
gnu	glibc	>= 0 < 2.31-10	2.31-10
gnu	glibc	>= 0 < 2.31-10	2.31-10
gnu	glibc	>= 0 < 2.27-3ubuntu1.5	2.27-3ubuntu1.5
gnu	glibc	>= 0 < 2.31-0ubuntu9.7	2.31-0ubuntu9.7
gnu	glibc	2.29 – 2.33	—
paloalto	pan-os	—	—

CVSS provenance

nvdv3.12.5LOWCVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

osv5.9MEDIUM