CVE-2024-33600
published 2024-05-06CVE-2024-33600: nscd: Null pointer crashes after notfound response If the Name Service Cache Daemon's (nscd) cache fails to add a not-found netgroup response to the cache, the…
medium5.9CVSS 3.1
AVNACHPRNUINSUCNINAH
nscd: Null pointer crashes after notfound response
If the Name Service Cache Daemon's (nscd) cache fails to add a not-found
netgroup response to the cache, the client request can result in a null
pointer dereference. This flaw was introduced in glibc 2.15 when the
cache was added to nscd.
This vulnerability is only present in the nscd binary.
Affected
16 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | glibc | < glibc 2.36-9+deb12u7 (bookworm) | glibc 2.36-9+deb12u7 (bookworm) |
| gnu | glibc | >= 0 < 2.31-13+deb11u10 | 2.31-13+deb11u10 |
| gnu | glibc | >= 0 < 2.36-9+deb12u7 | 2.36-9+deb12u7 |
| gnu | glibc | >= 0 < 2.37-19 | 2.37-19 |
| gnu | glibc | >= 0 < 2.37-19 | 2.37-19 |
| gnu | glibc | >= 0 < 2.31-0ubuntu9.16 | 2.31-0ubuntu9.16 |
| gnu | glibc | >= 0 < 2.35-0ubuntu3.8 | 2.35-0ubuntu3.8 |
| gnu | glibc | >= 0 < 2.39-0ubuntu8.2 | 2.39-0ubuntu8.2 |
| gnu | glibc | >= 0 < 2.23-0ubuntu11.3+esm7 | 2.23-0ubuntu11.3+esm7 |
| gnu | glibc | >= 0 < 2.27-3ubuntu1.6+esm3 | 2.27-3ubuntu1.6+esm3 |
| gnu | glibc | >= 2.15 < 2.40 | 2.40 |
| msrc | azl3_glibc_2.38-11_on_azure_linux_3.0 | — | — |
| msrc | cbl2_glibc_2.35-7_on_cbl_mariner_2.0 | — | — |
| paloalto | pan-os | — | — |
| the_gnu_c_library | glibc | >= 2.15 < 2.40 | 2.40 |
CVSS provenance
nvdv3.15.9MEDIUMCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
osv8.1HIGH