CVE-2024-33602— nscd: netgroup cache assumes NSS callback uses in-buffer strings
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2024-33602
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
nscd: netgroup cache assumes NSS callback uses in-buffer strings
Source: NVD (National Vulnerability Database)
Vulnerability Description
nscd: netgroup cache assumes NSS callback uses in-buffer strings The Name Service Cache Daemon's (nscd) netgroup cache can corrupt memory when the NSS callback does not store all strings in the provided buffer. The flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
在预期范围外返回指针值
Source: NVD (National Vulnerability Database)
Vulnerability Title
glibc 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
glibc(GNU C Library)是GNU计划所实现的C标准库。 glibc 存在安全漏洞,该漏洞源于addgetnetgrentX 中的缓冲区大小调整代码假定所有字符串指针都指向提供的缓冲区,这可能会导致内存损坏及服务崩溃。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| The GNU C Library | glibc | 2.15 ~ 2.40 | - |
II. Public POCs for CVE-2024-33602
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2024-33602
请登录查看更多情报信息。
Same Patch Batch · The GNU C Library · 2024-05-06 · 4 CVEs total
| CVE-2024-33599 | nscd: Stack-based buffer overflow in netgroup cache | |
| CVE-2024-33601 | nscd: netgroup cache may terminate daemon on memory allocation failure | |
| CVE-2024-33600 | nscd: Null pointer crashes after notfound response |
IV. Related Vulnerabilities
Same product: glibc
- CVE-2026-6238
Buffer overread in ns_printrrf with corrupted RDATA field - CVE-2026-5435
Potential buffer overflow in ns_sprintrrf TSIG handling path - CVE-2026-5450
scanf %mc off-by-one heap buffer overflow - CVE-2026-5928
Potential buffer under-read in ungetwc - CVE-2026-4046
iconv crash due to assertion failure with untrusted input
Same vendor: The GNU C Library
- CVE-2026-6238
Buffer overread in ns_printrrf with corrupted RDATA field - CVE-2026-5435
Potential buffer overflow in ns_sprintrrf TSIG handling path - CVE-2026-5450
scanf %mc off-by-one heap buffer overflow - CVE-2026-5928
Potential buffer under-read in ungetwc - CVE-2026-4046
iconv crash due to assertion failure with untrusted input
Same weakness: CWE-466
- CVE-2018-25234
SmartFTP Client 9.0.2615.0 Denial of Service via Host Field - CVE-2018-25227
Valentina Studio 9.0.4 Denial of Service via Host Parameter - CVE-2019-25599
Backup Key Recovery 2.2.4 Denial of Service via Name Field - CVE-2019-25586
Deluge 1.3.15 Denial of Service via URL Field - CVE-2019-25548
BlueStacks 4.80.0.1060 Denial of Service via Search Field
V. Comments for CVE-2024-33602
No comments yet