English
EN
Français
FR
Language
English
EN
Français
FR

CVE Vulnerabilities

Posts & Pages

No results found for ""

Try different keywords or check spelling

Search in CVE database, posts & pages • Press ESC to close

DNA View

High Severity Vulnerability

This vulnerability has been rated as High severity. Immediate action is recommended.

CVE-2024-33601

High
Low Medium High Critical
7.3
CVSS Score
Published: May 06, 2024
Last Modified: Aug 01, 2025
CWE: CWE-617

Vulnerability Description

nscd: netgroup cache may terminate daemon on memory allocation failure

The Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc or
xrealloc and these functions may terminate the process due to a memory
allocation failure resulting in a denial of service to the clients. The
flaw was introduced in glibc 2.15 when the cache was added to nscd.

This vulnerability is only present in the nscd binary.

CVSS Metrics

Common Vulnerability Scoring System

Vector String:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Attack Vector
N
Attack Complexity
L
Privileges Required
N
User Interaction
N
Scope
U
Confidentiality
L
Integrity
L
Availability
L

Known Affected Software

64 configuration(s) from 3 vendor(s)

debian_linux
Version:
10.0
CPE:
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
glibc
Version:
2.35
CPE:
cpe:2.3:a:gnu:glibc:2.35:*:*:*:*:*:*:*
glibc
Version:
2.38.19
CPE:
cpe:2.3:a:gnu:glibc:2.38.19:*:*:*:*:*:*:*
glibc
Version:
2.36.9000
CPE:
cpe:2.3:a:gnu:glibc:2.36.9000:*:*:*:*:*:*:*
glibc
Version:
2.26
CPE:
cpe:2.3:a:gnu:glibc:2.26:*:*:*:*:*:x86:*
glibc
Version:
2.23
CPE:
cpe:2.3:a:gnu:glibc:2.23:*:*:*:*:*:x86:*
glibc
Version:
2.33
CPE:
cpe:2.3:a:gnu:glibc:2.33:*:*:*:*:*:*:*
glibc
Version:
2.18.90
CPE:
cpe:2.3:a:gnu:glibc:2.18.90:*:*:*:*:*:*:*
glibc
Version:
2.36.113
CPE:
cpe:2.3:a:gnu:glibc:2.36.113:*:*:*:*:*:*:*
glibc
Version:
2.21
CPE:
cpe:2.3:a:gnu:glibc:2.21:*:*:*:*:*:*:*
glibc
Version:
2.30.9000
CPE:
cpe:2.3:a:gnu:glibc:2.30.9000:*:*:*:*:*:*:*
glibc
Version:
2.26.9000
CPE:
cpe:2.3:a:gnu:glibc:2.26.9000:*:*:*:*:*:*:*
glibc
Version:
2.37.38
CPE:
cpe:2.3:a:gnu:glibc:2.37.38:*:*:*:*:*:*:*
glibc
Version:
2.39.9000
CPE:
cpe:2.3:a:gnu:glibc:2.39.9000:*:*:*:*:*:*:*
glibc
Version:
2.37
CPE:
cpe:2.3:a:gnu:glibc:2.37:*:*:*:*:*:*:*
glibc
Version:
2.32.0
CPE:
cpe:2.3:a:gnu:glibc:2.32.0:*:*:*:*:*:*:*
glibc
Version:
2.33.9000
CPE:
cpe:2.3:a:gnu:glibc:2.33.9000:*:*:*:*:*:*:*
glibc
Version:
2.20
CPE:
cpe:2.3:a:gnu:glibc:2.20:*:*:*:*:*:x86:*
glibc
Version:
2.19.90
CPE:
cpe:2.3:a:gnu:glibc:2.19.90:*:*:*:*:*:*:*
glibc
Version:
2.17
CPE:
cpe:2.3:a:gnu:glibc:2.17:*:*:*:*:*:x86:*
glibc
Version:
2.32.9000
CPE:
cpe:2.3:a:gnu:glibc:2.32.9000:*:*:*:*:*:*:*
glibc
Version:
2.18
CPE:
cpe:2.3:a:gnu:glibc:2.18:*:*:*:*:*:x86:*
glibc
Version:
2.15
CPE:
cpe:2.3:a:gnu:glibc:2.15:*:*:*:*:*:*:*
glibc
Version:
2.38.9000
CPE:
cpe:2.3:a:gnu:glibc:2.38.9000:*:*:*:*:*:*:*
glibc
Version:
2.30
CPE:
cpe:2.3:a:gnu:glibc:2.30:*:*:*:*:*:*:*
glibc
Version:
2.28.9000
CPE:
cpe:2.3:a:gnu:glibc:2.28.9000:*:*:*:*:*:*:*
glibc
Version:
2.29.9000
CPE:
cpe:2.3:a:gnu:glibc:2.29.9000:*:*:*:*:*:*:*
glibc
Version:
2.22
CPE:
cpe:2.3:a:gnu:glibc:2.22:*:*:*:*:*:x86:*
glibc
Version:
2.27.9000
CPE:
cpe:2.3:a:gnu:glibc:2.27.9000:*:*:*:*:*:*:*
glibc
Version:
2.36
CPE:
cpe:2.3:a:gnu:glibc:2.36:*:*:*:*:*:*:*
glibc
Version:
2.20.90
CPE:
cpe:2.3:a:gnu:glibc:2.20.90:*:*:*:*:*:*:*
glibc
Version:
2.29
CPE:
cpe:2.3:a:gnu:glibc:2.29:*:*:*:*:*:x86:*
glibc
Version:
2.37.9000
CPE:
cpe:2.3:a:gnu:glibc:2.37.9000:*:*:*:*:*:*:*
glibc
Version:
2.19
CPE:
cpe:2.3:a:gnu:glibc:2.19:*:*:*:*:*:*:*
glibc
Version:
2.16.90
CPE:
cpe:2.3:a:gnu:glibc:2.16.90:*:*:*:*:*:*:*
glibc
Version:
2.24.90
CPE:
cpe:2.3:a:gnu:glibc:2.24.90:*:*:*:*:*:*:*
glibc
Version:
2.39
CPE:
cpe:2.3:a:gnu:glibc:2.39:*:*:*:*:*:*:*
glibc
Version:
2.28
CPE:
cpe:2.3:a:gnu:glibc:2.28:*:*:*:*:*:x86:*
glibc
Version:
2.22.90
CPE:
cpe:2.3:a:gnu:glibc:2.22.90:*:*:*:*:*:*:*
glibc
Version:
2.31.9000
CPE:
cpe:2.3:a:gnu:glibc:2.31.9000:*:*:*:*:*:*:*
glibc
Version:
2.23.90
CPE:
cpe:2.3:a:gnu:glibc:2.23.90:*:*:*:*:*:*:*
glibc
Version:
2.32
CPE:
cpe:2.3:a:gnu:glibc:2.32:*:*:*:*:*:*:*
glibc
Version:
2.25.90
CPE:
cpe:2.3:a:gnu:glibc:2.25.90:*:*:*:*:*:*:*
glibc
Version:
2.17.90
CPE:
cpe:2.3:a:gnu:glibc:2.17.90:*:*:*:*:*:*:*
glibc
Version:
2.31
CPE:
cpe:2.3:a:gnu:glibc:2.31:*:*:*:*:*:x64:*
glibc
Version:
2.34
CPE:
cpe:2.3:a:gnu:glibc:2.34:*:*:*:*:*:*:*
glibc
Version:
2.27
CPE:
cpe:2.3:a:gnu:glibc:2.27:*:*:*:*:*:x86:*
glibc
Version:
2.38
CPE:
cpe:2.3:a:gnu:glibc:2.38:*:*:*:*:*:*:*
glibc
Version:
2.21.90
CPE:
cpe:2.3:a:gnu:glibc:2.21.90:*:*:*:*:*:*:*
glibc
Version:
2.16
CPE:
cpe:2.3:a:gnu:glibc:2.16:*:*:*:*:*:*:*
glibc
Version:
2.34.9000
CPE:
cpe:2.3:a:gnu:glibc:2.34.9000:*:*:*:*:*:*:*
glibc
Version:
2.25
CPE:
cpe:2.3:a:gnu:glibc:2.25:*:*:*:*:*:*:*
glibc
Version:
2.35.9000
CPE:
cpe:2.3:a:gnu:glibc:2.35.9000:*:*:*:*:*:*:*
glibc
Version:
2.16.0
CPE:
cpe:2.3:a:gnu:glibc:2.16.0:*:*:*:*:*:*:*
glibc
Version:
2.24
CPE:
cpe:2.3:a:gnu:glibc:2.24:*:*:*:*:*:*:*
h610c_firmware
Version:
-
CPE:
cpe:2.3:o:netapp:h610c_firmware:-:*:*:*:*:*:*:*
h700s_firmware
Version:
-
CPE:
cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*
h500s_firmware
Version:
-
CPE:
cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*
h410s_firmware
Version:
-
CPE:
cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*
h615c_firmware
Version:
-
CPE:
cpe:2.3:o:netapp:h615c_firmware:-:*:*:*:*:*:*:*
h300s_firmware
Version:
-
CPE:
cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*
h410c_firmware
Version:
-
CPE:
cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*
h610s_firmware
Version:
-
CPE:
cpe:2.3:o:netapp:h610s_firmware:-:*:*:*:*:*:*:*
hci_bootstrap_os
Version:
-
CPE:
cpe:2.3:o:netapp:hci_bootstrap_os:-:*:*:*:*:*:*:*
This vulnerability affects 64 software configuration(s). Ensure you patch all affected systems.

Available Security Patches

6 patches available from vendors

View All Patches
Microsoft

2025-Feb-CVE-2024-33601

CVE-2024-33601: None

Severity
Unknown
Released
Oct 24, 2025
Security Update
View Details Vendor Page
Microsoft

2024-Jul-CVE-2024-33601

CVE-2024-33601: None

Severity
Unknown
Released
Oct 11, 2025
Security Update
View Details Vendor Page
Microsoft

2024-May-CVE-2024-33601

CVE-2024-33601: nscd: netgroup cache may terminate daemon on memory allocation failure

Severity
Unknown
Released
Oct 03, 2025
Security Update
View Details Vendor Page
Microsoft

2025-Jul-CVE-2024-33601

CVE-2024-33601: None

Severity
Unknown
Released
Sep 17, 2025
Security Update
View Details Vendor Page
Microsoft

2025-Mar-CVE-2024-33601

CVE-2024-33601: None

Severity
Unknown
Released
Sep 04, 2025
Security Update
View Details Vendor Page
Oracle

CPUJAN2025

Oracle Critical Patch Update Advisory - January 2025

Severity
Critical
Released
Jan 21, 2025
Restart Required
Security Update
View Details Vendor Page
Browse All Security Patches

References & Resources

Severity Details

7.3
out of 10.0
High

Weakness Type (CWE)

CWE-617

Reachable Assertion

Description
The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.
Typical Severity
High
Abstraction Level
Base
View CWE Details on MITRE

Key Information

Published Date
May 06, 2024

External Resources

NIST
NIST NVD
National Vulnerability Database
MT
MITRE CVE
Official CVE record