CVE-2024-33602

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2024-33602

Severity

7.4

High

CVSS V3

Description

nscd: netgroup cache assumes NSS callback uses in-buffer strings

The Name Service Cache Daemon's (nscd) netgroup cache can corrupt memory when the NSS callback does not store all strings in the provided buffer. The flaw was introduced in glibc 2.15 when the cache was added to nscd.

This vulnerability is only present in the nscd binary.

References

https://images.chainguard.dev/security/CGA-wfxf-8642-f6f5
https://github.com/advisories/GHSA-f4pv-q5f7-2h55
https://lists.debian.org/debian-lts-announce/2024/06/msg00026.html
https://security.netapp.com/advisory/ntap-20240524-0012/
https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0008
http://www.openwall.com/lists/oss-security/2024/07/22/5

Affected packages

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

The trusted source for open source

Talk to an expert

Privacy

Terms

CVE-2024-33602

Severity

Description

References

Affected packages

The trusted source for open source

Product

Solutions

Customers

Resources

Company