IM
IronMonkey Threat Research

CVE-2024-33600 MEDIUM

Published: 2024-05-06 | Last Modified: 2026-05-12 | Status: Modified

Description

nscd: Null pointer crashes after notfound response If the Name Service Cache Daemon's (nscd) cache fails to add a not-found netgroup response to the cache, the client request can result in a null pointer dereference. This flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary.

Additional Descriptions (1)

nscd: el puntero nulo falla después de una respuesta no encontrada Si el caché del daemon de caché del servicio de nombres (nscd) no logra agregar una respuesta de grupo de red no encontrado al caché, la solicitud del cliente puede resultar en una desreferencia del puntero nulo. Esta falla se introdujo en glibc 2.15 cuando se agregó el caché a nscd. Esta vulnerabilidad sólo está presente en el binario nscd.

CVSS Metrics

Base Score: 5.9 (MEDIUM)

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack VectorNETWORK
Attack ComplexityHIGH
Privileges RequiredNONE
User InteractionNONE
ScopeUNCHANGED
Confidentiality ImpactNONE
Integrity ImpactNONE
Availability ImpactHIGH

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

Type: Secondary

Exploitability Score: 2.2

Impact Score: 3.6

Weaknesses

Source Type Description
3ff69d7a-14f2-4f67-a097-88dee7810d18 Secondary
en CWE-476

Affected Products

Vendor Product Version Update Type
gnu glibc * <built-in method update of dict object at 0x702bdd12a100> Application
debian debian_linux 10.0 <built-in method update of dict object at 0x702bde535700> Operating System
netapp active_iq_unified_manager - <built-in method update of dict object at 0x702b80ad8d00> Application
netapp h300s_firmware - <built-in method update of dict object at 0x702bfc203580> Operating System
netapp h500s_firmware - <built-in method update of dict object at 0x702bdd12b840> Operating System
netapp h700s_firmware - <built-in method update of dict object at 0x702bde536540> Operating System
netapp h410s_firmware - <built-in method update of dict object at 0x702b83f2f900> Operating System
netapp h410c_firmware - <built-in method update of dict object at 0x702ba6eda780> Operating System
netapp h610c_firmware - <built-in method update of dict object at 0x702b80ad8ec0> Operating System
netapp h610s_firmware - <built-in method update of dict object at 0x702bdd12bf00> Operating System
netapp h615c_firmware - <built-in method update of dict object at 0x702bde167200> Operating System
netapp hci_bootstrap_os - <built-in method update of dict object at 0x702b80ad95c0> Operating System

Affected Configurations

Operator: OR

Vulnerable CPE
Yes cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:netapp:h610c_firmware:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:netapp:h610c:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:netapp:h610s_firmware:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:netapp:h610s:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:netapp:h615c_firmware:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:netapp:h615c:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:netapp:hci_bootstrap_os:-:*:*:*:*:*:*:*

References

Notification
Message here