CVE-2024-33600

nscd: Null pointer crashes after notfound response

If the Name Service Cache Daemon's (nscd) cache fails to add a not-found
netgroup response to the cache, the client request can result in a null
pointer dereference.  This flaw was introduced in glibc 2.15 when the
cache was added to nscd.

This vulnerability is only present in the nscd binary.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.9 MEDIUM
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
glibcCNA
---
---
CISA-ADPADP
5.9 MEDIUM
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
CVEADP
---
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 27%
Debian logo
Debian Releases
Debian Product
Codename
glibc
bullseye
2.31-13+deb11u11
fixed
bullseye (security)
2.31-13+deb11u13
fixed
bookworm
2.36-9+deb12u10
fixed
bookworm (security)
2.36-9+deb12u7
fixed
sid
2.41-8
fixed
trixie
2.41-8
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
eglibc
plucky
dne
oracular
dne
noble
dne
mantic
dne
jammy
dne
focal
dne
trusty
needs-triage
glibc
plucky
not-affected
oracular
not-affected
noble
Fixed 2.39-0ubuntu8.2
released
mantic
Fixed 2.38-1ubuntu6.3
released
jammy
Fixed 2.35-0ubuntu3.8
released
focal
Fixed 2.31-0ubuntu9.16
released
bionic
Fixed 2.27-3ubuntu1.6+esm3
released
xenial
Fixed 2.23-0ubuntu11.3+esm7
released
Common Weakness Enumeration
References
http://www.openwall.com/lists/oss-security/2024/07/22/5
https://lists.debian.org/debian-lts-announce/2024/06/msg00026.html
https://security.netapp.com/advisory/ntap-20240524-0013/
https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0006
http://www.openwall.com/lists/oss-security/2024/07/22/5
https://lists.debian.org/debian-lts-announce/2024/06/msg00026.html
https://security.netapp.com/advisory/ntap-20240524-0013/
https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0006