Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2024-33602

Опубликовано: 06 мая 2024
Источник: debian
EPSS Низкий

Описание

nscd: netgroup cache assumes NSS callback uses in-buffer strings The Name Service Cache Daemon's (nscd) netgroup cache can corrupt memory when the NSS callback does not store all strings in the provided buffer. The flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
glibcfixed2.37-19package

Примечания

  • https://sourceware.org/bugzilla/show_bug.cgi?id=31680

  • https://inbox.sourceware.org/libc-alpha/cover.1713974801.git.fweimer@redhat.com/

  • https://www.openwall.com/lists/oss-security/2024/04/24/2

  • https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0008

  • Fixed by: https://sourceware.org/git?p=glibc.git;a=commit;h=c04a21e050d64a1193a6daab872bca2528bda44b

EPSS

Процентиль: 63%
0.0045
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2024-33602

CVSS3: 7.4
ubuntu
почти 2 года назад

nscd: netgroup cache assumes NSS callback uses in-buffer strings The Name Service Cache Daemon's (nscd) netgroup cache can corrupt memory when the NSS callback does not store all strings in the provided buffer. The flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary.

redhat логотип

CVE-2024-33602

CVSS3: 4
redhat
почти 2 года назад

nscd: netgroup cache assumes NSS callback uses in-buffer strings The Name Service Cache Daemon's (nscd) netgroup cache can corrupt memory when the NSS callback does not store all strings in the provided buffer. The flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary.

nvd логотип

CVE-2024-33602

CVSS3: 7.4
nvd
почти 2 года назад

nscd: netgroup cache assumes NSS callback uses in-buffer strings The Name Service Cache Daemon's (nscd) netgroup cache can corrupt memory when the NSS callback does not store all strings in the provided buffer. The flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary.

msrc логотип

CVE-2024-33602

CVSS3: 8.6
msrc
больше 1 года назад

nscd: netgroup cache assumes NSS callback uses in-buffer strings

github логотип

GHSA-f4pv-q5f7-2h55

CVSS3: 8.6
github
почти 2 года назад

nscd: netgroup cache assumes NSS callback uses in-buffer strings The Name Service Cache Daemon's (nscd) netgroup cache can corrupt memory when the NSS callback does not store all strings in the provided buffer. The flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary.

EPSS

Процентиль: 63%
0.0045
Низкий