nscd: netgroup cache assumes NSS callback uses in-buffer strings

The Name Service Cache Daemon’s (nscd) netgroup cache can corrupt memory
when the NSS callback does not store all strings in the provided buffer.
The flaw was introduced in glibc 2.15 when the cache was added to nscd.
This vulnerability is only present in the nscd binary.

Author | Note |
---|---|
mdeslaur | same commits as CVE-2024-33601 |
OS | OS Version | Architecture | Package | Affected Version | Filename |
---|---|---|---|---|---|
ubuntu | 14.04 | noarch | eglibc | < any | UNKNOWN |
ubuntu | 18.04 | noarch | glibc | < 2.27-3ubuntu1.6+esm3 | UNKNOWN |
ubuntu | 20.04 | noarch | glibc | < 2.31-0ubuntu9.16 | UNKNOWN |
ubuntu | 22.04 | noarch | glibc | < 2.35-0ubuntu3.8 | UNKNOWN |
ubuntu | 23.10 | noarch | glibc | < 2.38-1ubuntu6.3 | UNKNOWN |
ubuntu | 24.04 | noarch | glibc | < 2.39-0ubuntu8.2 | UNKNOWN |
ubuntu | 16.04 | noarch | glibc | < 2.23-0ubuntu11.3+esm7 | UNKNOWN |
inbox.sourceware.org/libc-alpha/[email protected]/
launchpad.net/bugs/cve/CVE-2024-33602
nvd.nist.gov/vuln/detail/CVE-2024-33602
security-tracker.debian.org/tracker/CVE-2024-33602
sourceware.org/bugzilla/show_bug.cgi?id=31680
ubuntu.com/security/notices/USN-6804-1
www.cve.org/CVERecord?id=CVE-2024-33602
www.openwall.com/lists/oss-security/2024/04/24/2