CVE-2024-33600

CVSS v3.1

5.9

Medium

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions glibc versions 2.15 and later

Description The Name Service Cache Daemon's (nscd) cache fails to add a not-found netgroup response to the cache, resulting in a null pointer dereference when a client request is made. This flaw was introduced in glibc 2.15 when the cache was added to nscd. The vulnerability is only present in the nscd binary. It is estimated that 50 images are affected.

Recommendations For glibc version 2.15 and later, update to a version where the flaw is fixed, or as a temporary workaround, consider disabling the nscd binary until a patch is available.

Fix

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-476

Related Identifiers

ALSA-2024:3339

ALSA-2024:3344

ALT-PU-2024-7263

ALT-PU-2024-7271

ALT-PU-2024-7402

AZL-40277

AZL-40291

BDU:2024-03562

CESA-2024_3344

CVE-2024-33600

DLA-3850-1

DSA-5678-1

INFSA-2024_3339

INFSA-2024_3344

MGASA-2024-0173

OESA-2024-1544

OESA-2024-1593

OESA-2024-1594

OESA-2024-1624

OESA-2024-1691

OPENSUSE-SU-2024:13991-1

OPENSUSE-SU-2024_1895-1

RHSA-2024:2799

RHSA-2024:3309

RHSA-2024:3312

RHSA-2024:3339

RHSA-2024:3344

RHSA-2024:3411

RHSA-2024:3423

RHSA-2024:3464

RHSA-2024:3588

RHSA-2024_3339

RHSA-2024_3344

RHSA-2024_3588

RLSA-2024:3339

RLSA-2024:3344

SUSE-SU-2024:1675-1

SUSE-SU-2024:1895-1

SUSE-SU-2024:1895-2

SUSE-SU-2024:1977-1

SUSE-SU-2025:20038-1

USN-6804-1

Affected Products

Alt Linux

Almalinux

Astra Linux

Centos

Linuxmint

Red Hat

Red Os

Rocky Linux

Suse

Ubuntu

Glibc

CVE-2024-33600

Weakness Enumeration

Related Identifiers

Affected Products

References · 113