CVE-2024-33599
Published 2024-05-06
Severity: high, 8.1 (CVSS 3.1)
AV:N AC:H PR:N UI:N S:U C:H I:H A:H
nscd: Stack-based buffer overflow in netgroup cache
If the Name Service Cache Daemon's (nscd) fixed size cache is exhausted
by client requests then a subsequent client request for netgroup data
may result in a stack-based buffer overflow. This flaw was introduced
in glibc 2.15 when the cache was added to nscd.
This vulnerability is only present in the nscd binary.
Affected
16 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | glibc | < glibc 2.36-9+deb12u7 (bookworm) | glibc 2.36-9+deb12u7 (bookworm) |
| gnu | glibc | >= 0 < 2.31-13+deb11u10 | 2.31-13+deb11u10 |
| gnu | glibc | >= 0 < 2.36-9+deb12u7 | 2.36-9+deb12u7 |
| gnu | glibc | >= 0 < 2.37-19 | 2.37-19 |
| gnu | glibc | >= 0 < 2.37-19 | 2.37-19 |
| gnu | glibc | >= 0 < 2.31-0ubuntu9.16 | 2.31-0ubuntu9.16 |
| gnu | glibc | >= 0 < 2.35-0ubuntu3.8 | 2.35-0ubuntu3.8 |
| gnu | glibc | >= 0 < 2.39-0ubuntu8.2 | 2.39-0ubuntu8.2 |
| gnu | glibc | >= 0 < 2.23-0ubuntu11.3+esm7 | 2.23-0ubuntu11.3+esm7 |
| gnu | glibc | >= 0 < 2.27-3ubuntu1.6+esm3 | 2.27-3ubuntu1.6+esm3 |
| gnu | glibc | >= 2.15 < 2.40 | 2.40 |
| msrc | azl3_glibc_2.38-11_on_azure_linux_3.0 | — | — |
| msrc | cbl2_glibc_2.35-7_on_cbl_mariner_2.0 | — | — |
| paloalto | pan-os | — | — |
| the_gnu_c_library | glibc | >= 2.15 < 2.40 | 2.40 |
CVSS provenance
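| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.1 | HIGH | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
| osv | — | 8.1 | HIGH | — |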