Описание
nscd: netgroup cache assumes NSS callback uses in-buffer strings
The Name Service Cache Daemon's (nscd) netgroup cache can corrupt memory
when the NSS callback does not store all strings in the provided buffer.
The flaw was introduced in glibc 2.15 when the cache was added to nscd.
This vulnerability is only present in the nscd binary.
A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. This can potentially lead to memory corruption and cause a crash.
Отчет
The identified flaw in the glibc netgroup cache, while significant in its potential to cause memory corruption and crashes, may be categorized as a low severity issue due to several factors. Firstly, the exploitation of this vulnerability requires specific conditions to be met, such as the presence of netgroup-related functionality and the ability to manipulate memory within the target system. Secondly, the impact of the vulnerability is limited to the context of the affected application or system component, rather than posing a system-wide or network-wide threat. This issue affects the nscd RPM package and not the glibc RPM package itself. Affected components are tracked by their RPM source package, in this case, the nscd binary package is built from the glibc source package, hence the affected component is glibc.
Меры по смягчению последствий
Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 10 | glibc | Not affected | ||
| Red Hat Enterprise Linux 6 | compat-glibc | Not affected | ||
| Red Hat Enterprise Linux 6 | glibc | Out of support scope | ||
| Red Hat Enterprise Linux 7 | compat-glibc | Not affected | ||
| Red Hat Enterprise Linux 7 | glibc | Fixed | RHSA-2024:3588 | 04.06.2024 |
| Red Hat Enterprise Linux 8 | glibc | Fixed | RHSA-2024:3344 | 23.05.2024 |
| Red Hat Enterprise Linux 8 | glibc | Fixed | RHSA-2024:3344 | 23.05.2024 |
| Red Hat Enterprise Linux 8.2 Advanced Update Support | glibc | Fixed | RHSA-2024:3464 | 29.05.2024 |
| Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support | glibc | Fixed | RHSA-2024:3309 | 23.05.2024 |
| Red Hat Enterprise Linux 8.4 Telecommunications Update Service | glibc | Fixed | RHSA-2024:3309 | 23.05.2024 |
Показывать по
Дополнительная информация
Статус:
EPSS
4 Medium
CVSS3
Связанные уязвимости
nscd: netgroup cache assumes NSS callback uses in-buffer strings The Name Service Cache Daemon's (nscd) netgroup cache can corrupt memory when the NSS callback does not store all strings in the provided buffer. The flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary.
nscd: netgroup cache assumes NSS callback uses in-buffer strings The Name Service Cache Daemon's (nscd) netgroup cache can corrupt memory when the NSS callback does not store all strings in the provided buffer. The flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary.
nscd: netgroup cache assumes NSS callback uses in-buffer strings The ...
nscd: netgroup cache assumes NSS callback uses in-buffer strings The Name Service Cache Daemon's (nscd) netgroup cache can corrupt memory when the NSS callback does not store all strings in the provided buffer. The flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary.
EPSS
4 Medium
CVSS3