IM
IronMonkey Threat Research

CVE-2024-33599 HIGH

Published: 2024-05-06 | Last Modified: 2026-05-12 | Status: Modified

Description

nscd: Stack-based buffer overflow in netgroup cache If the Name Service Cache Daemon's (nscd) fixed size cache is exhausted by client requests then a subsequent client request for netgroup data may result in a stack-based buffer overflow. This flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary.

Additional Descriptions (1)

nscd: desbordamiento de búfer en la región stack de la memoria en la caché de netgroup Si la caché de tamaño fijo del daemon de caché del servicio de nombres (nscd) se agota debido a las solicitudes de los clientes, una solicitud posterior del cliente de datos de netgroup puede provocar un desbordamiento del búfer basado en la pila. Esta falla se introdujo en glibc 2.15 cuando se agregó el caché a nscd. Esta vulnerabilidad sólo está presente en el binario nscd.

CVSS Metrics

Base Score: 8.1 (HIGH)

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack VectorNETWORK
Attack ComplexityHIGH
Privileges RequiredNONE
User InteractionNONE
ScopeUNCHANGED
Confidentiality ImpactHIGH
Integrity ImpactHIGH
Availability ImpactHIGH

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

Type: Secondary

Exploitability Score: 2.2

Impact Score: 5.9

Weaknesses

Source Type Description
3ff69d7a-14f2-4f67-a097-88dee7810d18 Secondary
en CWE-121
134c704f-9b21-4f2e-91b3-4a467353bcc0 Secondary
en CWE-121

Affected Products

Vendor Product Version Update Type
gnu glibc * <built-in method update of dict object at 0x702bdcc999c0> Application
debian debian_linux 10.0 <built-in method update of dict object at 0x702bdcc98840> Operating System
netapp h300s_firmware - <built-in method update of dict object at 0x702bcbbf4e40> Operating System
netapp h500s_firmware - <built-in method update of dict object at 0x702bdc0d2040> Operating System
netapp h700s_firmware - <built-in method update of dict object at 0x702bdc0d1480> Operating System
netapp h410s_firmware - <built-in method update of dict object at 0x702bdc0d33c0> Operating System
netapp h410c_firmware - <built-in method update of dict object at 0x702bdc0d2d40> Operating System
netapp hci_bootstrap_os - <built-in method update of dict object at 0x702bdcc9a8c0> Operating System

Affected Configurations

Operator: OR

Vulnerable CPE
Yes cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:netapp:hci_bootstrap_os:-:*:*:*:*:*:*:*

References

Notification
Message here