CVE-2024-33602

HIGH

glibc 2.15-2.39 - Memory Corruption in nscd Netgroup Cache

Title source: llm

Description

nscd: netgroup cache assumes NSS callback uses in-buffer strings The Name Service Cache Daemon's (nscd) netgroup cache can corrupt memory when the NSS callback does not store all strings in the provided buffer. The flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary.

References (5)

Core 5

Core References

Broken Link

https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0008

Third Party Advisory

https://security.netapp.com/advisory/ntap-20240524-0012/

Mailing List, Third Party Advisory

https://lists.debian.org/debian-lts-announce/2024/06/msg00026.html

Mailing List

http://www.openwall.com/lists/oss-security/2024/07/22/5

Vendor Advisory

https://cert-portal.siemens.com/productcert/html/ssa-082556.html

Scores

CVSS v3 7.4

EPSS 0.0063

EPSS Percentile 70.5%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-466

Status published

Products (12)

debian/debian_linux 10.0

gnu/glibc 2.15 - 2.40

netapp/element_software

netapp/h300s_firmware

netapp/h410c_firmware

netapp/h410s_firmware

netapp/h500s_firmware

netapp/h700s_firmware

netapp/hci_bootstrap_os

netapp/solidfire_\&_hci_management_node

... and 2 more

Published May 06, 2024

Tracked Since Feb 18, 2026