CVE-2024-33601

nscd: netgroup cache may terminate daemon on memory allocation failure The Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc or xrealloc and these functions may terminate the process due to a memory allocation failure resulting in a denial of service to the clients. The flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
http://www.openwall.com/lists/oss-security/2024/07/22/5
https://lists.debian.org/debian-lts-announce/2024/06/msg00026.html
https://security.netapp.com/advisory/ntap-20240524-0014/
https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0007

Configurations

No configuration.

History

No history.

Information

Published : 2024-05-06 20:15

Updated : 2024-07-22 18:15

NVD link : CVE-2024-33601

Mitre link : CVE-2024-33601

CVE.ORG link : CVE-2024-33601

JSON object : View

Products Affected

No product.

CWE

CWE-617

Reachable Assertion

{"id": "CVE-2024-33601", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2024-05-06T20:15:11.603", "references": [{"url": "http://www.openwall.com/lists/oss-security/2024/07/22/5", "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18"}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00026.html", "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18"}, {"url": "https://security.netapp.com/advisory/ntap-20240524-0014/", "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18"}, {"url": "https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0007", "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "description": [{"lang": "en", "value": "CWE-617"}]}], "descriptions": [{"lang": "en", "value": "nscd: netgroup cache may terminate daemon on memory allocation failure\n\nThe Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc or\nxrealloc and these functions may terminate the process due to a memory\nallocation failure resulting in a denial of service to the clients. The\nflaw was introduced in glibc 2.15 when the cache was added to nscd.\n\nThis vulnerability is only present in the nscd binary.\n\n"}, {"lang": "es", "value": "nscd: la cach\u00e9 de netgroup puede terminar el daemon ante una falla en la asignaci\u00f3n de memoria La cach\u00e9 de netgroup del daemon de cach\u00e9 del servicio de nombres (nscd) usa xmalloc o xrealloc y estas funciones pueden terminar el proceso debido a una falla en la asignaci\u00f3n de memoria que resulta en una denegaci\u00f3n de servicio a los clientes. La falla se introdujo en glibc 2.15 cuando se agreg\u00f3 el cach\u00e9 a nscd. Esta vulnerabilidad s\u00f3lo est\u00e1 presente en el binario nscd."}], "lastModified": "2024-07-22T18:15:03.493", "sourceIdentifier": "3ff69d7a-14f2-4f67-a097-88dee7810d18"}