Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-33602


nscd: netgroup cache assumes NSS callback uses in-buffer strings The Name Service Cache Daemon's (nscd) netgroup cache can corrupt memory when the NSS callback does not store all strings in the provided buffer. The flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary.


Published

2024-05-06T20:15:11.680

Last Modified

2025-06-18T14:40:48.823

Status

Analyzed

Source

3ff69d7a-14f2-4f67-a097-88dee7810d18

Severity

CVSSv3.1: 7.4 (HIGH)

Weaknesses
  • Type: Secondary
    CWE-466

Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application gnu glibc < 2.40 Yes
Operating System debian debian_linux 10.0 Yes
Operating System netapp h300s_firmware - Yes
Hardware netapp h300s - No
Operating System netapp h500s_firmware - Yes
Hardware netapp h500s - No
Operating System netapp h700s_firmware - Yes
Hardware netapp h700s - No
Operating System netapp h410s_firmware - Yes
Hardware netapp h410s - No
Operating System netapp h410c_firmware - Yes
Hardware netapp h410c - No
Application netapp element_software - Yes
Application netapp solidfire_\&_hci_management_node - Yes
Application netapp solidfire_\&_hci_storage_node - Yes
Operating System netapp hci_bootstrap_os - Yes

References