nscd: netgroup cache may terminate daemon on memory allocation failure
CVE-2024-33601

7.3HIGH

Key Information:

Vendor: The Gnu C Library
Status: Glibc
Vendor: CVE Published:; 6 May 2024

🔔 Create The Gnu C Library Vulnerability Alert

What is CVE-2024-33601?

The Name Service Cache Daemon (nscd) is susceptible to a Denial of Service issue due to improper memory management. Specifically, the netgroup cache implementation utilizes xmalloc or xrealloc functions, which can lead to unexpected termination of the daemon in the event of a memory allocation failure. This flaw, introduced in glibc 2.15 when the netgroup cache was added, poses significant risks as it can disrupt service for clients relying on nscd. It is critical for users of affected glibc versions to apply updates to safeguard against potential service disruptions.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

glibc 2.15 < 2.40

References

https://sourceware.org/git/?p=glibc.git;a=blob;f=advisori...

https://security.netapp.com/advisory/ntap-20240524-0014/

https://lists.debian.org/debian-lts-announce/2024/06/msg0...

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 6, 2024
Vulnerability Reserved
Apr 24, 2024

JSON

The Gnu C Library