CVE-2024-33601

HIGH

glibc 2.15-2.39 - Denial of Service in nscd Netgroup Cache via Memory Allocation Failure

Title source: llm

Description

nscd: netgroup cache may terminate daemon on memory allocation failure The Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc or xrealloc and these functions may terminate the process due to a memory allocation failure resulting in a denial of service to the clients. The flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary.

References (5)

Core 5

Core References

Mailing List, Third Party Advisory

https://lists.debian.org/debian-lts-announce/2024/06/msg00026.html

Third Party Advisory

https://security.netapp.com/advisory/ntap-20240524-0014/

Broken Link

https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0007

Mailing List, Third Party Advisory

http://www.openwall.com/lists/oss-security/2024/07/22/5

Vendor Advisory

https://cert-portal.siemens.com/productcert/html/ssa-082556.html

Scores

CVSS v3 7.3

EPSS 0.0107

EPSS Percentile 60.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-617

Status published

Products (12)

debian/debian_linux 10.0

gnu/glibc 2.15 - 2.40

netapp/h300s_firmware

netapp/h410c_firmware

netapp/h410s_firmware

netapp/h500s_firmware

netapp/h610c_firmware

netapp/h610s_firmware

netapp/h615c_firmware

netapp/h700s_firmware

... and 2 more

Published May 06, 2024

Tracked Since Feb 18, 2026