CVE-2024-33600

If the Name Service Cache Daemon's (nscd) cache fails to add a not-found netgroup response to the cache, the client request can result in a null pointer dereference. This flaw was introduced in glibc 2.15 when the cache was added to nscd.

This vulnerability is only present in the nscd binary.

Database specific

{
    "cwe_ids": [
        "CWE-476"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/33xxx/CVE-2024-33600.json",
    "cna_assigner": "glibc"
}

References

Affected packages

Git / sourceware.org/git/glibc.git

Affected ranges

Type: GIT
Repo: https://sourceware.org/git/glibc.git
Events: Introduced

c0da14cdda1fa552262ce3624156194eef43e973

Fixed

3d1aed874918c466a4477af1da35983ab036690e

Affected versions

Other

changelog-ends-here

glibc-2.*

glibc-2.15

glibc-2.16

glibc-2.16-ports-merge

glibc-2.16-tps

glibc-2.16.0

glibc-2.16.90

glibc-2.17

glibc-2.17.90

glibc-2.18

glibc-2.18.90

glibc-2.19

glibc-2.19.90

glibc-2.20

glibc-2.20.90

glibc-2.21

glibc-2.21.90

glibc-2.22

glibc-2.22.90

glibc-2.23

glibc-2.23.90

glibc-2.24

glibc-2.24.90

glibc-2.25

glibc-2.25.90

glibc-2.26

glibc-2.26.9000

glibc-2.27

glibc-2.27.9000

glibc-2.28

glibc-2.28.9000

glibc-2.29

glibc-2.29.9000

glibc-2.30

glibc-2.30.9000

glibc-2.31

glibc-2.31.9000

glibc-2.32

glibc-2.32.9000

glibc-2.33

glibc-2.33.9000

glibc-2.34

glibc-2.34.9000

glibc-2.35

glibc-2.35.9000

glibc-2.36

glibc-2.36.9000

glibc-2.37

glibc-2.37.9000

glibc-2.38

glibc-2.38.9000

glibc-2.39

glibc-2.39.9000

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-33600.json"