CVE-2024-33601

HIGH

GNU Glibc < 2.40 - Reachable Assertion

Title source: rule

Description

nscd: netgroup cache may terminate daemon on memory allocation failure The Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc or xrealloc and these functions may terminate the process due to a memory allocation failure resulting in a denial of service to the clients. The flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary.

References (4)

[Mailing List, Third Party Advisory] http://www.openwall.com/lists/oss-security/2024/07/22/5

[Mailing List, Third Party Advisory] https://lists.debian.org/debian-lts-announce/2024/06/msg00026.html

[Third Party Advisory] https://security.netapp.com/advisory/ntap-20240524-0014/

[Broken Link] https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0007

Scores

CVSS v3 7.3

EPSS 0.0014

EPSS Percentile 34.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-617

Status published

Products (11)

debian/debian_linux 10.0

gnu/glibc 2.15 - 2.40

netapp/h300s_firmware

netapp/h410c_firmware

netapp/h410s_firmware

netapp/h500s_firmware

netapp/h610c_firmware

netapp/h610s_firmware

netapp/h615c_firmware

netapp/h700s_firmware

... and 1 more

Published May 06, 2024

Tracked Since Feb 18, 2026