IM
IronMonkey Threat Research

CVE-2024-33602 HIGH

Published: 2024-05-06 | Last Modified: 2026-05-12 | Status: Modified

Description

nscd: netgroup cache assumes NSS callback uses in-buffer strings The Name Service Cache Daemon's (nscd) netgroup cache can corrupt memory when the NSS callback does not store all strings in the provided buffer. The flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary.

Additional Descriptions (1)

nscd: la caché de netgroup supone que la devolución de llamada de NSS utiliza cadenas en el búfer La caché de netgroup del daemon de caché del servicio de nombres (nscd) puede dañar la memoria cuando la devolución de llamada de NSS no almacena todas las cadenas en el búfer proporcionado. La falla se introdujo en glibc 2.15 cuando se agregó el caché a nscd. Esta vulnerabilidad sólo está presente en el binario nscd.

CVSS Metrics

Base Score: 7.4 (HIGH)

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack VectorLOCAL
Attack ComplexityHIGH
Privileges RequiredNONE
User InteractionNONE
ScopeUNCHANGED
Confidentiality ImpactHIGH
Integrity ImpactHIGH
Availability ImpactHIGH

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

Type: Secondary

Exploitability Score: 1.4

Impact Score: 5.9

Weaknesses

Source Type Description
3ff69d7a-14f2-4f67-a097-88dee7810d18 Secondary
en CWE-466

Affected Products

Vendor Product Version Update Type
gnu glibc * <built-in method update of dict object at 0x702bfc36af40> Application
debian debian_linux 10.0 <built-in method update of dict object at 0x702bcbcf0380> Operating System
netapp h300s_firmware - <built-in method update of dict object at 0x702bddae7700> Operating System
netapp h500s_firmware - <built-in method update of dict object at 0x702bfc368400> Operating System
netapp h700s_firmware - <built-in method update of dict object at 0x702bfc368e00> Operating System
netapp h410s_firmware - <built-in method update of dict object at 0x702bfc36bf40> Operating System
netapp h410c_firmware - <built-in method update of dict object at 0x702bfc36a240> Operating System
netapp element_software - <built-in method update of dict object at 0x702bcbcf1d80> Application
netapp solidfire_\&_hci_management_node - <built-in method update of dict object at 0x702bcbcf31c0> Application
netapp solidfire_\&_hci_storage_node - <built-in method update of dict object at 0x702bfc36a680> Application
netapp hci_bootstrap_os - <built-in method update of dict object at 0x702bdc344600> Operating System

Affected Configurations

Operator: OR

Vulnerable CPE
Yes cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*
Yes cpe:2.3:a:netapp:solidfire_\&_hci_management_node:-:*:*:*:*:*:*:*
Yes cpe:2.3:a:netapp:solidfire_\&_hci_storage_node:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:netapp:hci_bootstrap_os:-:*:*:*:*:*:*:*

References

Notification
Message here