CVE-2024-33602

The Name Service Cache Daemon's (nscd) netgroup cache can corrupt memory when the NSS callback does not store all strings in the provided buffer. The flaw was introduced in glibc 2.15 when the cache was added to nscd.

This vulnerability is only present in the nscd binary.

References

Affected packages

Git / github.com/bminor/glibc

Affected ranges

Type

GIT

Repo

https://github.com/bminor/glibc

Events

Introduced

c0da14cdda1fa552262ce3624156194eef43e973

Fixed

3d1aed874918c466a4477af1da35983ab036690e

Database specific

{
    "versions": [
        {
            "introduced": "2.15"
        },
        {
            "fixed": "2.40"
        }
    ]
}

Affected versions

Other

changelog-ends-here

glibc-2.*

glibc-2.15

glibc-2.16

glibc-2.16-ports-merge

glibc-2.16-tps

glibc-2.16.0

glibc-2.16.90

glibc-2.17

glibc-2.17.90

glibc-2.18

glibc-2.18.90

glibc-2.19

glibc-2.19.90

glibc-2.20

glibc-2.20.90

glibc-2.21

glibc-2.21.90

glibc-2.22

glibc-2.22.90

glibc-2.23

glibc-2.23.90

glibc-2.24

glibc-2.24.90

glibc-2.25

glibc-2.25.90

glibc-2.26

glibc-2.26.9000

glibc-2.27

glibc-2.27.9000

glibc-2.28

glibc-2.28.9000

glibc-2.29

glibc-2.29.9000

glibc-2.30

glibc-2.30.9000

glibc-2.31

glibc-2.31.9000

glibc-2.32

glibc-2.32.9000

glibc-2.33

glibc-2.33.9000

glibc-2.34

glibc-2.34.9000

glibc-2.35

glibc-2.35.9000

glibc-2.36

glibc-2.36.9000

glibc-2.37

glibc-2.37.9000

glibc-2.38

glibc-2.38.9000

glibc-2.39

glibc-2.39.9000

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-33602.json"

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "10.0"
            }
        ]
    }
]