CVE-2024-33602

{"id": "CVE-2024-33602", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.6, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 4.7, "exploitabilityScore": 3.9}]}, "published": "2024-05-06T20:15:11.680", "references": [{"url": "http://www.openwall.com/lists/oss-security/2024/07/22/5", "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18"}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00026.html", "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18"}, {"url": "https://security.netapp.com/advisory/ntap-20240524-0012/", "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18"}, {"url": "https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0008", "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "description": [{"lang": "en", "value": "CWE-466"}]}], "descriptions": [{"lang": "en", "value": "nscd: netgroup cache assumes NSS callback uses in-buffer strings\n\nThe Name Service Cache Daemon's (nscd) netgroup cache can corrupt memory\nwhen the NSS callback does not store all strings in the provided buffer.\nThe flaw was introduced in glibc 2.15 when the cache was added to nscd.\n\nThis vulnerability is only present in the nscd binary.\n\n"}, {"lang": "es", "value": "nscd: la cach\u00e9 de netgroup supone que la devoluci\u00f3n de llamada de NSS utiliza cadenas en el b\u00fafer La cach\u00e9 de netgroup del daemon de cach\u00e9 del servicio de nombres (nscd) puede da\u00f1ar la memoria cuando la devoluci\u00f3n de llamada de NSS no almacena todas las cadenas en el b\u00fafer proporcionado. La falla se introdujo en glibc 2.15 cuando se agreg\u00f3 el cach\u00e9 a nscd. Esta vulnerabilidad s\u00f3lo est\u00e1 presente en el binario nscd."}], "lastModified": "2024-07-22T18:15:03.583", "sourceIdentifier": "3ff69d7a-14f2-4f67-a097-88dee7810d18"}