CVE-2024-33602 Vulnerability Details

  /     /     /  

CVE-2024-33602 Metadata Quick Info

CVE Published: 06/05/2024 | CVE Updated: 02/08/2024 | CVE Year: 2024
Source: glibc | Vendor: The GNU C Library | Product: glibc
Status : PUBLISHED

CVE-2024-33602 Description

nscd: netgroup cache assumes NSS callback uses in-buffer strings The Name Service Cache Daemon\'s (nscd) netgroup cache can corrupt memory when the NSS callback does not store all strings in the provided buffer. The flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-466
CWE Name: CWE-466 Return of Pointer Value Outside of Expected Range
Source: The GNU C Library

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID: CAPEC-129
CAPEC Description: CAPEC-129 Pointer Manipulation


Source: NVD (National Vulnerability Database).

Last added CVEs

▸ CVE-2024-9999 ◂
Discovered: 12/11/2024
Status: PUBLISHED
▸ CVE-2024-9997 ◂
Discovered: 29/10/2024
Status: PUBLISHED
▸ CVE-2024-9996 ◂
Discovered: 29/10/2024
Status: PUBLISHED



Tags:
CVE-2024-33602 Vulnerability Details