CVE-2024-33601
nscd: netgroup cache may terminate daemon on memory allocation failure
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
nscd: netgroup cache may terminate daemon on memory allocation failure
The Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc or
xrealloc and these functions may terminate the process due to a memory
allocation failure resulting in a denial of service to the clients. The
flaw was introduced in glibc 2.15 when the cache was added to nscd.
This vulnerability is only present in the nscd binary.
nscd: la caché de netgroup puede terminar el daemon ante una falla en la asignación de memoria La caché de netgroup del daemon de caché del servicio de nombres (nscd) usa xmalloc o xrealloc y estas funciones pueden terminar el proceso debido a una falla en la asignación de memoria que resulta en una denegación de servicio a los clientes. La falla se introdujo en glibc 2.15 cuando se agregó el caché a nscd. Esta vulnerabilidad sólo está presente en el binario nscd.
A flaw was found in the glibc netgroup cache. The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.
CVSS Scores
SSVC
- Decision:Attend
Timeline
- 2024-04-24 CVE Reserved
- 2024-05-06 CVE Published
- 2024-07-01 EPSS Updated
- 2024-08-02 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-617: Reachable Assertion
- CWE-703: Improper Check or Handling of Exceptional Conditions
CAPEC
- CAPEC-130: Excessive Allocation
References (6)
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://access.redhat.com/security/cve/CVE-2024-33601 | 2024-06-26 | |
https://bugzilla.redhat.com/show_bug.cgi?id=2277205 | 2024-06-26 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
The GNU C Library Search vendor "The GNU C Library" | Glibc Search vendor "The GNU C Library" for product "Glibc" | >= 2.15 < 2.40 Search vendor "The GNU C Library" for product "Glibc" and version " >= 2.15 < 2.40" | en |
Affected
|