CVE-2024-33601

CWE-617 — Reachable Assertion CWE-7039 documents8 sources

Severity

7.3HIGH

EPSS

0.1%

top 71.61%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

THE GNU C Library Glibc GNU Glibc Debian Debian Linux

Timeline

PublishedMay 6

Latest updateMay 31

Description

nscd: netgroup cache may terminate daemon on memory allocation failure The Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc or xrealloc and these functions may terminate the process due to a memory allocation failure resulting in a denial of service to the clients. The flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:LExploitability: 3.9 | Impact: 3.4

Affected Packages3 packages

▶NVDgnu/glibc2.15 — 2.40

▶CVEListV5the_gnu_c_library/glibc2.15 — 2.40

▶Debianglibc< 2.31-13+deb11u10+3

Also affects: Debian Linux 10.0

🔴Vulnerability Details

OSV

glibc vulnerabilities↗2024-05-31

▶

GHSA

GHSA-f4cf-2w52-c853: nscd: netgroup cache may terminate daemon on memory allocation failure The Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc or xrealloc↗2024-05-06

▶

OSV

CVE-2024-33601: nscd: netgroup cache may terminate daemon on memory allocation failure The Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc or xrealloc↗2024-05-06

▶

CVEList

nscd: netgroup cache may terminate daemon on memory allocation failure↗2024-05-06

▶

📋Vendor Advisories

Ubuntu

GNU C Library vulnerabilities↗2024-05-31

▶

Microsoft

nscd: netgroup cache may terminate daemon on memory allocation failure↗2024-05-14

▶

Red Hat

glibc: netgroup cache may terminate daemon on memory allocation failure↗2024-04-24

▶

Debian

CVE-2024-33601: glibc - nscd: netgroup cache may terminate daemon on memory allocation failure The Name...↗2024

▶