nscd: netgroup cache may terminate daemon on memory allocation failure
CVE-2024-33601
7.5 HIGH
Key Information:
- Vendor
- The GNU C Library
- Status
- Glibc
- Vendor
- CVE Published: 6 May 2024
Summary
The Name Service Cache Daemon (nscd) is susceptible to a denial of service caused by how its netgroup cache handles memory allocation failure. The netgroup cache implementation allocates memory with the xmalloc or xrealloc functions, and a failed allocation in those functions can terminate the daemon unexpectedly instead of returning an error to the caller. The flaw was introduced in glibc 2.15, when the netgroup cache was added, and it disrupts service for clients that rely on nscd. Users of affected glibc versions should apply updates to protect against these service disruptions.
Affected Version(s)
glibc 2.15 < 2.40
CVSS V3.1
- Score: 7.5
- Severity: HIGH
- Confidentiality: None
- Integrity: None
- Availability: None
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved