nscd: netgroup cache may terminate daemon on memory allocation failure
CVE-2024-33601

Currently unrated

Key Information:

Vendor: The Gnu C Library
Status: Glibc
Vendor: CVE Published:; 6 May 2024

Summary

nscd: netgroup cache may terminate daemon on memory allocation failure

The Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc or xrealloc and these functions may terminate the process due to a memory allocation failure resulting in a denial of service to the clients. The flaw was introduced in glibc 2.15 when the cache was added to nscd.

This vulnerability is only present in the nscd binary.

Affected Version(s)

glibc 2.15 < 2.40

References

https://sourceware.org/git/?p=glibc.git;a=blob;f=advisori...

https://security.netapp.com/advisory/ntap-20240524-0014/

https://lists.debian.org/debian-lts-announce/2024/06/msg0...

Timeline

Vulnerability published
May 6, 2024
Vulnerability Reserved
Apr 24, 2024