7.4

CVE-2024-33602

EPSS 0.32%
Veröffentlicht 06.05.2024 20:15:11
Zuletzt bearbeitet 18.06.2025 14:40:48
Quelle 3ff69d7a-14f2-4f67-a097-88dee7
Teams Watchlist Login
Unerledigt Login

nscd: netgroup cache assumes NSS callback uses in-buffer strings

The Name Service Cache Daemon's (nscd) netgroup cache can corrupt memory
when the NSS callback does not store all strings in the provided buffer.
The flaw was introduced in glibc 2.15 when the cache was added to nscd.

This vulnerability is only present in the nscd binary.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 7

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Gnu ≫ Glibc Version >= 2.15 < 2.40

Debian ≫ Debian Linux Version10.0

Netapp ≫ H300s Firmware Version-

Netapp ≫ H300s Version-

Netapp ≫ H500s Firmware Version-

Netapp ≫ H500s Version-

Netapp ≫ H700s Firmware Version-

Netapp ≫ H700s Version-

Netapp ≫ H410s Firmware Version-

Netapp ≫ H410s Version-

Netapp ≫ H410c Firmware Version-

Netapp ≫ H410c Version-

Netapp ≫ Element Software Version-

Netapp ≫ Hci Bootstrap Os Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.32%	0.542

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	7.4	1.4	5.9	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-466 Return of Pointer Value Outside of Expected Range

A function can return a pointer to memory that is outside of the buffer that the pointer is expected to reference.

http://www.openwall.com/lists/oss-security/2024/07/22/5

Mailing List

https://lists.debian.org/debian-lts-announce/2024/06/msg00026.html

Third Party Advisory

Mailing List

https://security.netapp.com/advisory/ntap-20240524-0012/

Third Party Advisory

https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0008

Broken Link

https://nvd.nist.gov/vuln/detail/CVE-2024-33602

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-33602

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-33602

EUVD