nscd: netgroup cache assumes NSS callback uses in-buffer strings
The Name Service Cache Daemon's (nscd) netgroup cache can corrupt memory
when the NSS callback does not store all strings in the provided buffer.
The flaw was introduced in glibc 2.15 when the cache was added to nscd.
This vulnerability is only present in the nscd binary.
References
Link | Resource |
---|---|
http://www.openwall.com/lists/oss-security/2024/07/22/5 | Mailing List |
https://lists.debian.org/debian-lts-announce/2024/06/msg00026.html | Mailing List Third Party Advisory |
https://security.netapp.com/advisory/ntap-20240524-0012/ | Third Party Advisory |
https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0008 | Broken Link |
http://www.openwall.com/lists/oss-security/2024/07/22/5 | Mailing List |
https://lists.debian.org/debian-lts-announce/2024/06/msg00026.html | Mailing List Third Party Advisory |
https://security.netapp.com/advisory/ntap-20240524-0012/ | Third Party Advisory |
https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0008 | Broken Link |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
Configuration 6 (hide)
AND |
|
Configuration 7 (hide)
AND |
|
Configuration 8 (hide)
|
Configuration 9 (hide)
|
History
18 Jun 2025, 14:40
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:solidfire_\&_hci_management_node:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:solidfire_\&_hci_storage_node:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:* cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:* cpe:2.3:o:netapp:hci_bootstrap_os:-:*:*:*:*:*:*:* |
|
First Time |
Netapp h300s
Netapp h410c Debian Gnu Netapp h300s Firmware Netapp h700s Firmware Debian debian Linux Netapp hci Bootstrap Os Netapp h410s Netapp h700s Netapp solidfire \& Hci Management Node Netapp h410s Firmware Netapp Netapp h500s Netapp element Software Netapp h500s Firmware Gnu glibc Netapp h410c Firmware Netapp solidfire \& Hci Storage Node |
|
References | () http://www.openwall.com/lists/oss-security/2024/07/22/5 - Mailing List | |
References | () https://lists.debian.org/debian-lts-announce/2024/06/msg00026.html - Mailing List, Third Party Advisory | |
References | () https://security.netapp.com/advisory/ntap-20240524-0012/ - Third Party Advisory | |
References | () https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0008 - Broken Link |
13 Feb 2025, 18:18
Type | Values Removed | Values Added |
---|---|---|
Summary | (en) nscd: netgroup cache assumes NSS callback uses in-buffer strings The Name Service Cache Daemon's (nscd) netgroup cache can corrupt memory when the NSS callback does not store all strings in the provided buffer. The flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary. |
21 Nov 2024, 09:17
Type | Values Removed | Values Added |
---|---|---|
References | () http://www.openwall.com/lists/oss-security/2024/07/22/5 - | |
References | () https://lists.debian.org/debian-lts-announce/2024/06/msg00026.html - | |
References | () https://security.netapp.com/advisory/ntap-20240524-0012/ - | |
References | () https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0008 - | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.4 |
22 Jul 2024, 18:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
03 Jul 2024, 01:58
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.6 |
10 Jun 2024, 18:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
07 May 2024, 13:39
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
06 May 2024, 20:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-05-06 20:15
Updated : 2025-06-18 14:40
NVD link : CVE-2024-33602
Mitre link : CVE-2024-33602
CVE.ORG link : CVE-2024-33602
JSON object : View
Products Affected
netapp
- h700s
- h700s_firmware
- element_software
- hci_bootstrap_os
- h410s
- h500s_firmware
- h410c
- solidfire_\&_hci_storage_node
- h300s_firmware
- solidfire_\&_hci_management_node
- h500s
- h410c_firmware
- h410s_firmware
- h300s
gnu
- glibc
debian
- debian_linux
CWE
CWE-466
Return of Pointer Value Outside of Expected Range