CVE-2024-33601

EUVD-2024-31338
nscd: netgroup cache may terminate daemon on memory allocation failure

The Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc or
xrealloc and these functions may terminate the process due to a memory
allocation failure resulting in a denial of service to the clients.  The
flaw was introduced in glibc 2.15 when the cache was added to nscd.

This vulnerability is only present in the nscd binary.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.3 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
CISA-ADPADP
7.3 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: 28%
Affected Products (NVD)
VendorProductVersion
gnuglibc
2.15 ≤
𝑥
< 2.40
debiandebian_linux
10.0
netapph300s_firmware
-
netapph500s_firmware
-
netapph700s_firmware
-
netapph410s_firmware
-
netapph410c_firmware
-
netapph610c_firmware
-
netapph615c_firmware
-
netapph610s_firmware
-
netapphci_bootstrap_os
-
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
glibc
bookworm
2.36-9+deb12u13
fixed
bookworm (security)
2.36-9+deb12u7
fixed
bullseye
2.31-13+deb11u11
fixed
bullseye (security)
2.31-13+deb11u13
fixed
forky
2.42-6
fixed
sid
2.42-6
fixed
trixie
2.41-12
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
glibc
bionic
Fixed 2.27-3ubuntu1.6+esm3
released
focal
Fixed 2.31-0ubuntu9.16
released
jammy
Fixed 2.35-0ubuntu3.8
released
mantic
Fixed 2.38-1ubuntu6.3
released
noble
Fixed 2.39-0ubuntu8.2
released
oracular
not-affected
plucky
not-affected
questing
not-affected
xenial
Fixed 2.23-0ubuntu11.3+esm7
released
eglibc
focal
dne
jammy
dne
mantic
dne
noble
dne
oracular
dne
plucky
dne
questing
dne
trusty
needs-triage
Common Weakness Enumeration
References
http://www.openwall.com/lists/oss-security/2024/07/22/5
https://lists.debian.org/debian-lts-announce/2024/06/msg00026.html
https://security.netapp.com/advisory/ntap-20240524-0014/
https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0007
http://www.openwall.com/lists/oss-security/2024/07/22/5
https://lists.debian.org/debian-lts-announce/2024/06/msg00026.html
https://security.netapp.com/advisory/ntap-20240524-0014/
https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0007