CVE-2024-33601

HIGH7.3

nscd: netgroup cache may terminate daemon on memory allocation failure

Published May 6, 2024

Modified 10 months ago

No fix available

Details

nscd: netgroup cache may terminate daemon on memory allocation failure

The Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc or xrealloc and these functions may terminate the process due to a memory allocation failure resulting in a denial of service to the clients. The flaw was introduced in glibc 2.15 when the cache was added to nscd.

This vulnerability is only present in the nscd binary.

References

WEBhttp://www.openwall.com/lists/oss-security/2024/07/22/5 WEBhttps://lists.debian.org/debian-lts-announce/2024/06/msg00026.html WEBhttps://security.netapp.com/advisory/ntap-20240524-0014/WEBhttps://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0007 ADVISORYhttps://www.cve.org/CVERecord?id=CVE-2024-33601

CVSS Analysis

CVSS v3.1

7.3

Exploitability

Attack Vector

NetworkAV:N

Attack Complexity

LowAC:L

Privileges Required

NonePR:N

User Interaction

NoneUI:N

Scope

UnchangedS:U

Impact

Confidentiality

LowC:L

Integrity

LowI:L

Availability

LowA:L

7.3/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Weakness Type (CWE)

Other

CWE-617

Ecosystems

Timeline

PublishedMay 6, 2024

ModifiedMar 18, 2025