CVE-2024-33602

CWE-466CWE-70310 documents9 sources
Severity
7.4HIGH
EPSS
0.4%
top 36.36%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
THE GNU C Library GlibcGNU GlibcDebian Debian Linux
Timeline
PublishedMay 6
Latest updateJan 15

Description

nscd: netgroup cache assumes NSS callback uses in-buffer strings The Name Service Cache Daemon's (nscd) netgroup cache can corrupt memory when the NSS callback does not store all strings in the provided buffer. The flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 1.4 | Impact: 5.9

Affected Packages3 packages

NVDgnu/glibc2.152.40
CVEListV5the_gnu_c_library/glibc2.152.40
Debianglibc< 2.31-13+deb11u10+3

Also affects: Debian Linux 10.0

🔴Vulnerability Details

3
OSV
CVE-2024-33602: nscd: netgroup cache assumes NSS callback uses in-buffer strings The Name Service Cache Daemon's (nscd) netgroup cache can corrupt memory when the NSS2024-05-06
CVEList
nscd: netgroup cache assumes NSS callback uses in-buffer strings2024-05-06
GHSA
GHSA-f4pv-q5f7-2h55: nscd: netgroup cache assumes NSS callback uses in-buffer strings The Name Service Cache Daemon's (nscd) netgroup cache can corrupt memory when the NS2024-05-06

📋Vendor Advisories

6
Oracle
Oracle Oracle Communications Risk Matrix: Automated Test Suite (glibc) — CVE-2024-336022025-01-15
Oracle
Oracle Oracle Communications Risk Matrix: Management Service (glibc) — CVE-2024-336022024-10-15
Ubuntu
GNU C Library vulnerabilities2024-05-31
Microsoft
nscd: netgroup cache assumes NSS callback uses in-buffer strings2024-05-14
Red Hat
glibc: netgroup cache assumes NSS callback uses in-buffer strings2024-04-24
CVE-2024-33602 (HIGH CVSS 7.4) | nscd: netgroup cache assumes NSS ca | cvebase.io