{"dataType": "CVE_RECORD", "cveMetadata": {"cveId": "CVE-2024-33602", "assignerOrgId": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "state": "PUBLISHED", "assignerShortName": "glibc", "dateReserved": "2024-04-24T20:35:08.340Z", "datePublished": "2024-05-06T19:22:12.383Z", "dateUpdated": "2024-05-06T19:22:12.383Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "glibc", "vendor": "The GNU C Library", "versions": [{"lessThan": "2.40", "status": "affected", "version": "2.15", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<div>nscd: netgroup cache assumes NSS callback uses in-buffer strings<br><br>The Name Service Cache Daemon's (nscd) netgroup cache can corrupt memory<br>when the NSS callback does not store all strings in the provided buffer.<br>The flaw was introduced in glibc 2.15 when the cache was added to nscd.<br><br>This vulnerability is only present in the nscd binary.</div>"}], "value": "nscd: netgroup cache assumes NSS callback uses in-buffer strings\n\nThe Name Service Cache Daemon's (nscd) netgroup cache can corrupt memory\nwhen the NSS callback does not store all strings in the provided buffer.\nThe flaw was introduced in glibc 2.15 when the cache was added to nscd.\n\nThis vulnerability is only present in the nscd binary.\n\n"}], "impacts": [{"capecId": "CAPEC-129", "descriptions": [{"lang": "en", "value": "CAPEC-129 Pointer Manipulation"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-466", "description": "CWE-466 Return of Pointer Value Outside of Expected Range", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "shortName": "glibc", "dateUpdated": "2024-05-06T19:22:12.383Z"}, "references": [{"url": "https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0008"}, {"url": "https://security.netapp.com/advisory/ntap-20240524-0012/"}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00026.html"}], "source": {"discovery": "UNKNOWN"}, "title": "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"affected": [{"vendor": "gnu", "product": "glibc", "cpes": ["cpe:2.3:a:gnu:glibc:2.15:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"version": "2.15", "status": "affected", "lessThan": "2.40", "versionType": "custom"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.4, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-06-13T16:09:29.755117Z", "id": "CVE-2024-33602", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-13T16:26:29.854Z"}}]}, "dataVersion": "5.1"}

{"descriptions": [{"lang": "en", "value": "nscd: netgroup cache assumes NSS callback uses in-buffer strings\n\nThe Name Service Cache Daemon's (nscd) netgroup cache can corrupt memory\nwhen the NSS callback does not store all strings in the provided buffer.\nThe flaw was introduced in glibc 2.15 when the cache was added to nscd.\n\nThis vulnerability is only present in the nscd binary.\n\n"}, {"lang": "es", "value": "nscd: la cach\u00e9 de netgroup supone que la devoluci\u00f3n de llamada de NSS utiliza cadenas en el b\u00fafer La cach\u00e9 de netgroup del daemon de cach\u00e9 del servicio de nombres (nscd) puede da\u00f1ar la memoria cuando la devoluci\u00f3n de llamada de NSS no almacena todas las cadenas en el b\u00fafer proporcionado. La falla se introdujo en glibc 2.15 cuando se agreg\u00f3 el cach\u00e9 a nscd. Esta vulnerabilidad s\u00f3lo est\u00e1 presente en el binario nscd."}], "id": "CVE-2024-33602", "lastModified": "2024-06-10T18:15:34.443", "metrics": {}, "published": "2024-05-06T20:15:11.680", "references": [{"source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "url": "https://security.netapp.com/advisory/ntap-20240524-0012/"}, {"source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "url": "https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0008"}], "sourceIdentifier": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-466"}], "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary"}]}

{}