nscd: netgroup cache may terminate daemon on memory allocation failure
CVE-2024-33601

7.3HIGH

Key Information:

Vendor: The Gnu C Library
Status: Glibc
Vendor: CVE Published:; 6 May 2024

🔔 Create The Gnu C Library Vulnerability Alert

What is CVE-2024-33601?

The Name Service Cache Daemon (nscd) is susceptible to a Denial of Service issue due to improper memory management. Specifically, the netgroup cache implementation utilizes xmalloc or xrealloc functions, which can lead to unexpected termination of the daemon in the event of a memory allocation failure. This flaw, introduced in glibc 2.15 when the netgroup cache was added, poses significant risks as it can disrupt service for clients relying on nscd. It is critical for users of affected glibc versions to apply updates to safeguard against potential service disruptions.

Affected Version(s)

glibc 2.15 < 2.40

References

https://sourceware.org/git/?p=glibc.git;a=blob;f=advisori...

https://security.netapp.com/advisory/ntap-20240524-0014/

https://lists.debian.org/debian-lts-announce/2024/06/msg0...

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 6, 2024
Vulnerability Reserved
Apr 24, 2024