Updated: 2026-02-22 03:16:21.137844
Description:
nscd: Stack-based buffer overflow in netgroup cache If the Name Service Cache Daemon's (nscd) fixed size cache is exhausted by client requests then a subsequent client request for netgroup data may result in a stack-based buffer overflow. This flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary.
| Links | NIST | CIRCL | RHEL | Ubuntu |
| Severity | Score | |
|---|---|---|
| CVSS Version 2.x | NONE | 0.0 |
| CVSS Version 3.x | HIGH | 7.6 |
| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
|---|---|---|---|---|---|---|---|---|
| AlmaLinux 9.2 ESU | glibc | 2.34 | 7.6 | HIGH | Released | CLSA-2024:1718023873 | 2024-06-10 10:15:06 | |
| CentOS 6 ELS | glibc | 2.12 | 7.6 | HIGH | Released | CLSA-2024:1718901417 | 2024-07-11 10:15:10 | |
| CentOS 7 ELS | glibc | 2.17 | 7.6 | HIGH | Released | CLSA-2024:1720027216 | 2024-07-19 04:52:20 | |
| CentOS 8.4 ELS | glibc | 2.28 | 7.6 | HIGH | Released | CLSA-2024:1718973147 | 2024-06-21 10:10:17 | |
| CentOS 8.5 ELS | glibc | 2.28 | 7.6 | HIGH | Released | CLSA-2024:1723482999 | 2024-08-12 14:30:00 | |
| CentOS Stream 8 ELS | glibc | 2.28 | 7.6 | HIGH | Released | CLSA-2024:1718900000 | 2024-06-20 14:21:27 | |
| CloudLinux 6 ELS | glibc | 2.12 | 7.6 | HIGH | Released | CLSA-2024:1718901588 | 2024-07-08 14:24:10 | |
| Oracle Linux 6 ELS | glibc | 2.12 | 7.6 | HIGH | Released | CLSA-2024:1718900760 | 2024-06-20 14:21:29 | |
| Ubuntu 16.04 ELS | glibc | 2.23-0 | 7.6 | HIGH | Released | CLSA-2024:1719920973 | 2024-07-02 11:13:26 | |
| Ubuntu 18.04 ELS | glibc | 2.27-3 | 7.6 | HIGH | Released | CLSA-2024:1719569907 | 2024-06-28 10:14:35 |