Stack-based buffer overflow in netgroup cache
CVE-2024-33599

8.1HIGH

Key Information:

Vendor
The Gnu C Library
Status
Glibc
Vendor
CVE Published:
6 May 2024

Summary

The Name Service Cache Daemon (nscd) has a vulnerability that may lead to a stack-based buffer overflow when its fixed-size cache is filled by incoming client requests. This exploit occurs when a subsequent client tries to access netgroup data, causing the overflow due to the inadequate handling of cached items. This issue originated in glibc version 2.15 when the caching feature was implemented in nscd. It is important for users to review and update their systems to mitigate potential risks associated with this flaw.

Affected Version(s)

glibc 2.15 < 2.40

References

CVSS V3.1

Score:
8.1
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.