CVE-2024-33602
nscd: netgroup cache assumes NSS callback uses in-buffer strings
Public Exploits: 0
Exploited in Wild: -
Descriptions
nscd: netgroup cache assumes NSS callback uses in-buffer strings
The Name Service Cache Daemon's (nscd) netgroup cache can corrupt memory
when the NSS callback does not store all strings in the provided buffer.
The flaw was introduced in glibc 2.15 when the cache was added to nscd.
This vulnerability is only present in the nscd binary.
A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. This can potentially lead to memory corruption and cause a crash.
CVSS Scores
SSVC
- Decision: Track*
Timeline
- 2024-04-24 CVE Reserved
- 2024-05-06 CVE Published
- 2024-07-01 EPSS Updated
- 2024-08-02 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-466: Return of Pointer Value Outside of Expected Range
- CWE-703: Improper Check or Handling of Exceptional Conditions
CAPEC
- CAPEC-129: Pointer Manipulation
References (6)
URL | Date | SRC |
---|---|---|
https://access.redhat.com/security/cve/CVE-2024-33602 | 2024-06-26 | |
https://bugzilla.redhat.com/show_bug.cgi?id=2277206 | 2024-06-26 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
The GNU C Library | Glibc | >= 2.15 < 2.40 | en | Affected |