nscd: Null pointer crashes after notfound response If the Name Service Cache Daemon's (nscd) cache fails to add a not-found netgroup response to the cache, the client request can result in a null pointer dereference. This flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary.
nscd: el puntero nulo falla después de una respuesta no encontrada Si el caché del daemon de caché del servicio de nombres (nscd) no logra agregar una respuesta de grupo de red no encontrado al caché, la solicitud del cliente puede resultar en una desreferencia del puntero nulo. Esta falla se introdujo en glibc 2.15 cuando se agregó el caché a nscd. Esta vulnerabilidad sólo está presente en el binario nscd.
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
| Attack Vector | NETWORK |
|---|---|
| Attack Complexity | HIGH |
| Privileges Required | NONE |
| User Interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality Impact | NONE |
| Integrity Impact | NONE |
| Availability Impact | HIGH |
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Type: Secondary
Exploitability Score: 2.2
Impact Score: 3.6
| Source | Type | Description |
|---|---|---|
| 3ff69d7a-14f2-4f67-a097-88dee7810d18 | Secondary |
en
CWE-476
|
| Vendor | Product | Version | Update | Type |
|---|---|---|---|---|
| gnu | glibc | * | <built-in method update of dict object at 0x702bdd12a100> | Application |
| debian | debian_linux | 10.0 | <built-in method update of dict object at 0x702bde535700> | Operating System |
| netapp | active_iq_unified_manager | - | <built-in method update of dict object at 0x702b80ad8d00> | Application |
| netapp | h300s_firmware | - | <built-in method update of dict object at 0x702bfc203580> | Operating System |
| netapp | h500s_firmware | - | <built-in method update of dict object at 0x702bdd12b840> | Operating System |
| netapp | h700s_firmware | - | <built-in method update of dict object at 0x702bde536540> | Operating System |
| netapp | h410s_firmware | - | <built-in method update of dict object at 0x702b83f2f900> | Operating System |
| netapp | h410c_firmware | - | <built-in method update of dict object at 0x702ba6eda780> | Operating System |
| netapp | h610c_firmware | - | <built-in method update of dict object at 0x702b80ad8ec0> | Operating System |
| netapp | h610s_firmware | - | <built-in method update of dict object at 0x702bdd12bf00> | Operating System |
| netapp | h615c_firmware | - | <built-in method update of dict object at 0x702bde167200> | Operating System |
| netapp | hci_bootstrap_os | - | <built-in method update of dict object at 0x702b80ad95c0> | Operating System |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:* |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| No | cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| No | cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| No | cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| No | cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| No | cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:o:netapp:h610c_firmware:-:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| No | cpe:2.3:h:netapp:h610c:-:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:o:netapp:h610s_firmware:-:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| No | cpe:2.3:h:netapp:h610s:-:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:o:netapp:h615c_firmware:-:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| No | cpe:2.3:h:netapp:h615c:-:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:o:netapp:hci_bootstrap_os:-:*:*:*:*:*:*:* |