Vulnerability CVE-2024-33602: Information

Description

nscd: netgroup cache assumes NSS callback uses in-buffer strings The Name Service Cache Daemon's (nscd) netgroup cache can corrupt memory when the NSS callback does not store all strings in the provided buffer. The flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary.

URL: https://nvd.nist.gov/vuln/detail/CVE-2024-33602
Published: May 6, 2024
Modified: May 7, 2024

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
glibcsisyphus2.38.0.76.e9f05fa1c6-alt12.38.0.76.e9f05fa1c6-alt1ALT-PU-2024-7263-2347163Fixed
glibcsisyphus_loongarch642.38.0.76.e9f05fa1c6-alt1.0.port2.38.0.76.e9f05fa1c6-alt1.0.portALT-PU-2024-7462-1-Fixed
glibcp102.32-alt5.p10.32.32-alt5.p10.3ALT-PU-2024-7271-3347164Fixed
glibcc10f12.32-alt5.p10.32.32-alt5.p10.3ALT-PU-2024-7402-2347166Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0008
    VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
    Version: v24.5.1
    Back to top