Stack-based buffer overflow in netgroup cache
CVE-2024-33599

8.1HIGH

Key Information:

Vendor: The Gnu C Library
Status: Glibc
Vendor: CVE Published:; 6 May 2024

🔔 Create The Gnu C Library Vulnerability Alert

What is CVE-2024-33599?

The Name Service Cache Daemon (nscd) has a vulnerability that may lead to a stack-based buffer overflow when its fixed-size cache is filled by incoming client requests. This exploit occurs when a subsequent client tries to access netgroup data, causing the overflow due to the inadequate handling of cached items. This issue originated in glibc version 2.15 when the caching feature was implemented in nscd. It is important for users to review and update their systems to mitigate potential risks associated with this flaw.

Affected Version(s)

glibc 2.15 < 2.40

References

https://sourceware.org/git/?p=glibc.git;a=blob;f=advisori...

https://security.netapp.com/advisory/ntap-20240524-0011/

https://lists.debian.org/debian-lts-announce/2024/06/msg0...

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 6, 2024
Vulnerability Reserved
Apr 24, 2024