CVE-2024-33599

nscd: Stack-based buffer overflow in netgroup cache If the Name Service Cache Daemon's (nscd) fixed size cache is exhausted by client requests then a subsequent client request for netgroup data may result in a stack-based buffer overflow. This flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary.

CVSS

No CVSS.

References

Link	Resource
http://www.openwall.com/lists/oss-security/2024/07/22/5
https://lists.debian.org/debian-lts-announce/2024/06/msg00026.html
https://security.netapp.com/advisory/ntap-20240524-0011/
https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0005

Configurations

No configuration.

History

22 Jul 2024, 18:15

Type	Values Removed	Values Added
References		() http://www.openwall.com/lists/oss-security/2024/07/22/5 -

30 Jun 2024, 15:15

Type	Values Removed	Values Added
References		() https://lists.debian.org/debian-lts-announce/2024/06/msg00026.html -

10 Jun 2024, 17:16

Type	Values Removed	Values Added
References		() https://security.netapp.com/advisory/ntap-20240524-0011/ -

07 May 2024, 13:39

Type	Values Removed	Values Added
Summary		(es) nscd: desbordamiento de búfer en la región stack de la memoria en la caché de netgroup Si la caché de tamaño fijo del daemon de caché del servicio de nombres (nscd) se agota debido a las solicitudes de los clientes, una solicitud posterior del cliente de datos de netgroup puede provocar un desbordamiento del búfer basado en la pila. Esta falla se introdujo en glibc 2.15 cuando se agregó el caché a nscd. Esta vulnerabilidad sólo está presente en el binario nscd.

06 May 2024, 20:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-05-06 20:15

Updated : 2024-07-22 18:15

NVD link : CVE-2024-33599

Mitre link : CVE-2024-33599

CVE.ORG link : CVE-2024-33599

JSON object : View

Products Affected

No product.

CWE

CWE-121

Stack-based Buffer Overflow

JSON object

Attach tags to CVE-2024-33599

Attach tags to `CVE-2024-33599`