nscd: Null pointer crashes after notfound response If the Name Service
Cache Daemon’s (nscd) cache fails to add a not-found netgroup response to
the cache, the client request can result in a null pointer dereference.
This flaw was introduced in glibc 2.15 when the cache was added to nscd.
This vulnerability is only present in the nscd binary.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 14.04 | noarch | eglibc | <Â any | UNKNOWN |
ubuntu | 18.04 | noarch | glibc | <Â 2.27-3ubuntu1.6+esm3 | UNKNOWN |
ubuntu | 20.04 | noarch | glibc | <Â 2.31-0ubuntu9.16 | UNKNOWN |
ubuntu | 22.04 | noarch | glibc | <Â 2.35-0ubuntu3.8 | UNKNOWN |
ubuntu | 23.10 | noarch | glibc | <Â 2.38-1ubuntu6.3 | UNKNOWN |
ubuntu | 24.04 | noarch | glibc | <Â 2.39-0ubuntu8.2 | UNKNOWN |
ubuntu | 16.04 | noarch | glibc | <Â 2.23-0ubuntu11.3+esm7 | UNKNOWN |
inbox.sourceware.org/libc-alpha/[email protected]/
launchpad.net/bugs/cve/CVE-2024-33600
nvd.nist.gov/vuln/detail/CVE-2024-33600
security-tracker.debian.org/tracker/CVE-2024-33600
ubuntu.com/security/notices/USN-6804-1
www.cve.org/CVERecord?id=CVE-2024-33600
www.openwall.com/lists/oss-security/2024/04/24/2