CVE-2024-33599

Updated: 2024-05-23 11:48:36.45643

Description:

nscd: Stack-based buffer overflow in netgroup cache If the Name Service Cache Daemon's (nscd) fixed size cache is exhausted by client requests then a subsequent client request for netgroup data may result in a stack-based buffer overflow. This flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary.


Links NIST CIRCL RHEL Ubuntu

Severity

Severity Score
CVSS Version 2.x NONE 0
CVSS Version 3.x HIGH 7.6

Status

OS name Project name Version Score Severity Status Errata Last updated

Statement

AlmaLinux 9.2 ESU glibc 2.34 7.6 HIGH Released CLSA-2024:1718023873 2024-06-10 10:15:06
CentOS 6 ELS glibc 2.12 7.6 HIGH Released CLSA-2024:1718901417 2024-07-11 10:15:10
CentOS 7 ELS glibc 2.17 7.6 HIGH Released CLSA-2024:1720027216 2024-07-19 04:52:20
CentOS 8.4 ELS glibc 2.28 7.6 HIGH Released CLSA-2024:1718973147 2024-06-21 10:10:17
CentOS 8.5 ELS glibc 2.28 7.6 HIGH Released CLSA-2024:1723482999 2024-08-12 14:30:00
CentOS Stream 8 ELS glibc 2.28 7.6 HIGH Released CLSA-2024:1718900000 2024-06-20 14:21:27
CloudLinux 6 ELS glibc 2.12 7.6 HIGH Released CLSA-2024:1718901588 2024-07-08 14:24:10
Oracle Linux 6 ELS glibc 2.12 7.6 HIGH Released CLSA-2024:1718900760 2024-06-20 14:21:29
Ubuntu 16.04 ELS glibc 2.23-0 7.6 HIGH Released CLSA-2024:1719920973 2024-07-02 11:13:26
Ubuntu 18.04 ELS glibc 2.27-3 7.6 HIGH Released CLSA-2024:1719569907 2024-06-28 10:14:35