CVE-2024-33601

nscd: netgroup cache may terminate daemon on memory allocation failure The Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc or xrealloc and these functions may terminate the process due to a memory allocation failure resulting in a denial of service to the clients. The flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary.
Configurations

No configuration.

History

21 Nov 2024, 09:17

Type Values Removed Values Added
References () http://www.openwall.com/lists/oss-security/2024/07/22/5 - () http://www.openwall.com/lists/oss-security/2024/07/22/5 -
References () https://lists.debian.org/debian-lts-announce/2024/06/msg00026.html - () https://lists.debian.org/debian-lts-announce/2024/06/msg00026.html -
References () https://security.netapp.com/advisory/ntap-20240524-0014/ - () https://security.netapp.com/advisory/ntap-20240524-0014/ -
References () https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0007 - () https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0007 -

22 Jul 2024, 18:15

Type Values Removed Values Added
References
  • () http://www.openwall.com/lists/oss-security/2024/07/22/5 -

03 Jul 2024, 01:58

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.5

30 Jun 2024, 15:15

Type Values Removed Values Added
References
  • () https://lists.debian.org/debian-lts-announce/2024/06/msg00026.html -

10 Jun 2024, 18:15

Type Values Removed Values Added
References
  • () https://security.netapp.com/advisory/ntap-20240524-0014/ -

07 May 2024, 13:39

Type Values Removed Values Added
Summary
  • (es) nscd: la caché de netgroup puede terminar el daemon ante una falla en la asignación de memoria La caché de netgroup del daemon de caché del servicio de nombres (nscd) usa xmalloc o xrealloc y estas funciones pueden terminar el proceso debido a una falla en la asignación de memoria que resulta en una denegación de servicio a los clientes. La falla se introdujo en glibc 2.15 cuando se agregó el caché a nscd. Esta vulnerabilidad sólo está presente en el binario nscd.

06 May 2024, 20:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-05-06 20:15

Updated : 2024-11-21 09:17


NVD link : CVE-2024-33601

Mitre link : CVE-2024-33601

CVE.ORG link : CVE-2024-33601


JSON object : View

Products Affected

No product.

CWE
CWE-617

Reachable Assertion