CVE-2024-33599

CVSS v3.1

8.1

High

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions glibc versions 2.15 and later

Description The issue is a stack-based buffer overflow in the netgroup cache of the Name Service Cache Daemon (nscd). This occurs when the nscd's fixed size cache is exhausted by client requests, and a subsequent client request for netgroup data may result in the buffer overflow. The flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary.

Recommendations To resolve the issue, update glibc to a version where the flaw is fixed. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Stack Overflow

Assertion Failure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-121CWE-617

Related Identifiers

ALSA-2024:3339

ALSA-2024:3344

ALT-PU-2024-7263

ALT-PU-2024-7271

ALT-PU-2024-7402

AZL-40288

AZL-40310

BDU:2024-03561

BDU:2024-03602

CESA-2024_3344

CVE-2024-33599

DLA-3850-1

DSA-5678-1

INFSA-2024_3339

INFSA-2024_3344

MGASA-2024-0173

OESA-2024-1544

OESA-2024-1593

OESA-2024-1594

OESA-2024-1624

OESA-2024-1691

OPENSUSE-SU-2024:13935-1

OPENSUSE-SU-2024_1895-1

RHSA-2024:2799

RHSA-2024:3309

RHSA-2024:3312

RHSA-2024:3339

RHSA-2024:3344

RHSA-2024:3411

RHSA-2024:3423

RHSA-2024:3464

RHSA-2024:3588

RHSA-2024_3339

RHSA-2024_3344

RHSA-2024_3588

RLSA-2024:3339

RLSA-2024:3344

SUSE-SU-2024:1675-1

SUSE-SU-2024:1895-1

SUSE-SU-2024:1895-2

SUSE-SU-2024:1977-1

SUSE-SU-2024_1895-1

SUSE-SU-2025:20038-1

USN-6804-1

Affected Products

Alt Linux

Almalinux

Astra Linux

Centos

Linuxmint

Red Hat

Red Os

Rocky Linux

Suse

Ubuntu

Glibc

CVE-2024-33599

Weakness Enumeration

Related Identifiers

Affected Products

References · 124