Home > Vulnerability Database > CVE-2024-33602

Mend.io Vulnerability Database

CVE-2024-33602

Date: May 6, 2024

nscd: netgroup cache assumes NSS callback uses in-buffer strings The Name Service Cache Daemon's (nscd) netgroup cache can corrupt memory when the NSS callback does not store all strings in the provided buffer. The flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary.

Language: C

Severity Score

7.4

Related Resources (8)

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-33602

Url: http://www.openwall.com/lists/oss-security/2024/07/22/5

Url: https://sourceware.org/git/?p=glibc.git

Url: https://security.netapp.com/advisory/ntap-20240524-0012/

Url: https://lists.debian.org/debian-lts-announce/2024/06/msg00026.html

Url: https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0008

Url: https://security-tracker.debian.org/tracker/CVE-2024-33602

Url: https://www.mend.io/vulnerability-database/CVE-2024-33602

Severity Score

7.4

Weakness Type (CWE)

Return of Pointer Value Outside of Expected Range

CWE-466

CVSS v3.1

Base Score:	7.4
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2024-33602

Date: May 6, 2024

Language: C

Severity Score

Related Resources (8)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?