CVE-2024-33600 — NULL Pointer Dereference in GNU C Library Glibc

CWE-476 — NULL Pointer Dereference9 documents8 sources

Severity

5.9MEDIUMNVD

OSV8.1

EPSS

0.2%

top 54.72%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

THE GNU C Library Glibc GNU Glibc Debian Linux

Timeline

PublishedMay 6

Latest updateMay 31

Description

nscd: Null pointer crashes after notfound response If the Name Service Cache Daemon's (nscd) cache fails to add a not-found netgroup response to the cache, the client request can result in a null pointer dereference. This flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 2.2 | Impact: 3.6

Affected Packages4 packages

▶NVDgnu/glibc2.15 — 2.40

▶CVEListV5the_gnu_c_library/glibc2.15 — 2.40

▶Debiangnu/glibc< 2.31-13+deb11u10+3

▶Ubuntugnu/glibc< 2.31-0ubuntu9.16+4

Also affects: Debian Linux 10.0

🔴Vulnerability Details

OSV

glibc vulnerabilities↗2024-05-31

▶

OSV

CVE-2024-33600: nscd: Null pointer crashes after notfound response If the Name Service Cache Daemon's (nscd) cache fails to add a not-found netgroup response to the c↗2024-05-06

▶

CVEList

nscd: Null pointer crashes after notfound response↗2024-05-06

▶

GHSA

GHSA-jv3g-6pg3-v9j8: nscd: Null pointer crashes after notfound response If the Name Service Cache Daemon's (nscd) cache fails to add a not-found netgroup response to the↗2024-05-06

▶

📋Vendor Advisories

Ubuntu

GNU C Library vulnerabilities↗2024-05-31

▶

Microsoft

nscd: Null pointer crashes after notfound response↗2024-05-14

▶

Red Hat

glibc: null pointer dereferences after failed netgroup cache insertion↗2024-04-24

▶

Debian

CVE-2024-33600: glibc - nscd: Null pointer crashes after notfound response If the Name Service Cache Da...↗2024

▶