Stack-based buffer overflow in netgroup cache
CVE-2024-33599
8.1HIGH
Key Information:
- Vendor
- The Gnu C Library
- Status
- Glibc
- Vendor
- CVE Published:
- 6 May 2024
Summary
The Name Service Cache Daemon (nscd) has a vulnerability that may lead to a stack-based buffer overflow when its fixed-size cache is filled by incoming client requests. This exploit occurs when a subsequent client tries to access netgroup data, causing the overflow due to the inadequate handling of cached items. This issue originated in glibc version 2.15 when the caching feature was implemented in nscd. It is important for users to review and update their systems to mitigate potential risks associated with this flaw.
Affected Version(s)
glibc 2.15 < 2.40
References
CVSS V3.1
Score:
8.1
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved