AZL-40282

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-40282.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-40282

Upstream

CVE-2024-33601

Published

2024-05-06T20:15:11Z

Modified

2026-04-01T05:13:59.815351Z

Summary

CVE-2024-33601 affecting package glibc for versions less than 2.38-11

Details

nscd: netgroup cache may terminate daemon on memory allocation failure

The Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc or xrealloc and these functions may terminate the process due to a memory allocation failure resulting in a denial of service to the clients. The flaw was introduced in glibc 2.15 when the cache was added to nscd.

This vulnerability is only present in the nscd binary.

References

https://nvd.nist.gov/vuln/detail/CVE-2024-33601

Affected packages

Azure Linux:3 / glibc

Package

Name: glibc
Purl: pkg:rpm/azure-linux/glibc

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.38-11

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-40282.json"