CVE-2024-33601

CVSS v3.1

7.3

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions glibc versions 2.15 and later

Description The issue is related to the Name Service Cache Daemon's (nscd) netgroup cache, which uses xmalloc or xrealloc functions. These functions may terminate the process due to a memory allocation failure, resulting in a denial of service to the clients. The flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary.

Recommendations For glibc versions 2.15 and later, consider disabling the netgroup cache in nscd as a temporary workaround to minimize the risk of exploitation. Restrict access to the nscd binary to prevent potential attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

Assertion Failure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-617

Related Identifiers

ALSA-2024:3339

ALSA-2024:3344

ALT-PU-2024-7263

ALT-PU-2024-7271

ALT-PU-2024-7402

AZL-40282

AZL-40316

BDU:2024-03602

CESA-2024_3344

CVE-2024-33601

DLA-3850-1

DSA-5678-1

INFSA-2024_3339

INFSA-2024_3344

MGASA-2024-0173

OESA-2024-1544

OESA-2024-1593

OESA-2024-1594

OESA-2024-1624

OESA-2024-1691

OPENSUSE-SU-2024:13991-1

OPENSUSE-SU-2024_1895-1

RHSA-2024:2799

RHSA-2024:3309

RHSA-2024:3312

RHSA-2024:3339

RHSA-2024:3344

RHSA-2024:3411

RHSA-2024:3423

RHSA-2024:3464

RHSA-2024:3588

RHSA-2024_3339

RHSA-2024_3344

RHSA-2024_3588

RLSA-2024:3339

RLSA-2024:3344

SUSE-SU-2024:1675-1

SUSE-SU-2024:1895-1

SUSE-SU-2024:1895-2

SUSE-SU-2024:1977-1

SUSE-SU-2025:20038-1

USN-6804-1

Affected Products

Alt Linux

Almalinux

Astra Linux

Centos

Linuxmint

Red Hat

Red Os

Rocky Linux

Suse

Ubuntu

Glibc

CVE-2024-33601

Weakness Enumeration

Related Identifiers

Affected Products

References · 118