Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2024-33602

Опубликовано: 06 мая 2024
Источник: debian
EPSS Низкий

Описание

nscd: netgroup cache assumes NSS callback uses in-buffer strings The Name Service Cache Daemon's (nscd) netgroup cache can corrupt memory when the NSS callback does not store all strings in the provided buffer. The flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
glibcfixed2.37-19package

Примечания

  • https://sourceware.org/bugzilla/show_bug.cgi?id=31680

  • https://inbox.sourceware.org/libc-alpha/cover.1713974801.git.fweimer@redhat.com/

  • https://www.openwall.com/lists/oss-security/2024/04/24/2

  • https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0008

  • Fixed by: https://sourceware.org/git?p=glibc.git;a=commit;h=c04a21e050d64a1193a6daab872bca2528bda44b

EPSS

Процентиль: 50%
0.00263
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2024-33602

CVSS3: 7.4
ubuntu
около 1 года назад

nscd: netgroup cache assumes NSS callback uses in-buffer strings The Name Service Cache Daemon's (nscd) netgroup cache can corrupt memory when the NSS callback does not store all strings in the provided buffer. The flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary.

redhat логотип

CVE-2024-33602

CVSS3: 4
redhat
около 1 года назад

nscd: netgroup cache assumes NSS callback uses in-buffer strings The Name Service Cache Daemon's (nscd) netgroup cache can corrupt memory when the NSS callback does not store all strings in the provided buffer. The flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary.

nvd логотип

CVE-2024-33602

CVSS3: 7.4
nvd
около 1 года назад

nscd: netgroup cache assumes NSS callback uses in-buffer strings The Name Service Cache Daemon's (nscd) netgroup cache can corrupt memory when the NSS callback does not store all strings in the provided buffer. The flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary.

msrc логотип

CVE-2024-33602

CVSS3: 7.4
msrc
7 месяцев назад

Описание отсутствует

github логотип

GHSA-f4pv-q5f7-2h55

CVSS3: 8.6
github
около 1 года назад

nscd: netgroup cache assumes NSS callback uses in-buffer strings The Name Service Cache Daemon's (nscd) netgroup cache can corrupt memory when the NSS callback does not store all strings in the provided buffer. The flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary.

EPSS

Процентиль: 50%
0.00263
Низкий