Lucene search

K
cvelistGlibcCVELIST:CVE-2024-33602
HistoryMay 06, 2024 - 7:22 p.m.

CVE-2024-33602 nscd: netgroup cache assumes NSS callback uses in-buffer strings

2024-05-0619:22:12
CWE-466
glibc
www.cve.org
cve-2024-33602
name service cache daemon
nss callback
memory corruption
glibc 2.15
nscd binary

6.3 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.0%

nscd: netgroup cache assumes NSS callback uses in-buffer strings

The Name Service Cache Daemon’s (nscd) netgroup cache can corrupt memory
when the NSS callback does not store all strings in the provided buffer.
The flaw was introduced in glibc 2.15 when the cache was added to nscd.

This vulnerability is only present in the nscd binary.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "glibc",
    "vendor": "The GNU C Library",
    "versions": [
      {
        "lessThan": "2.40",
        "status": "affected",
        "version": "2.15",
        "versionType": "custom"
      }
    ]
  }
]