Alpaquita LinuxStreamSecurity Advisory
Search Cve

CVE-2024-33599

Published: April 26, 2024Last modified: April 27, 2024

Description

nscd: Stack-based buffer overflow in netgroup cache If the Name Service Cache Daemon's (nscd) fixed size cache is exhausted by client requests then a subsequent client request for netgroup data may result in a stack-based buffer overflow. This flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary.

Severity score breakdown

ParameterValue
Base score8.1
Attack VectorNETWORK
Attack complexityHIGH
Privileges requiredNONE
User interactionNONE
ScopeUNCHANGED
ConfidentialityHIGH
Integrity impactHIGH
Availability impactHIGH
VectorCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Status

ProductReleasePackageStatus
Alpaquita Linux23 LTSglibcFixed (2.37.0-r13)
StreamglibcFixed (2.37.0-r13)

References

Published BELL-SAs

ON THIS PAGE