High Severity Vulnerability
This vulnerability has been rated as High severity. Immediate action is recommended.
CVE-2024-33602
High
Low
Medium
High
Critical
7.4
CVSS Score
Vulnerability Description
nscd: netgroup cache assumes NSS callback uses in-buffer strings
The Name Service Cache Daemon's (nscd) netgroup cache can corrupt memory
when the NSS callback does not store all strings in the provided buffer.
The flaw was introduced in glibc 2.15 when the cache was added to nscd.
This vulnerability is only present in the nscd binary.
CVSS Metrics
Common Vulnerability Scoring System
Vector String:
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
L
Attack Complexity
H
Privileges Required
N
User Interaction
N
Scope
U
Confidentiality
H
Integrity
H
Availability
H
Known Affected Software
64 configuration(s) from 3 vendor(s)
debian_linux
Version:
10.0
CPE:
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
glibc
Version:
2.35
CPE:
cpe:2.3:a:gnu:glibc:2.35:*:*:*:*:*:*:*
glibc
Version:
2.38.19
CPE:
cpe:2.3:a:gnu:glibc:2.38.19:*:*:*:*:*:*:*
glibc
Version:
2.36.9000
CPE:
cpe:2.3:a:gnu:glibc:2.36.9000:*:*:*:*:*:*:*
glibc
Version:
2.26
CPE:
cpe:2.3:a:gnu:glibc:2.26:*:*:*:*:*:x86:*
glibc
Version:
2.23
CPE:
cpe:2.3:a:gnu:glibc:2.23:*:*:*:*:*:x86:*
glibc
Version:
2.33
CPE:
cpe:2.3:a:gnu:glibc:2.33:*:*:*:*:*:*:*
glibc
Version:
2.18.90
CPE:
cpe:2.3:a:gnu:glibc:2.18.90:*:*:*:*:*:*:*
glibc
Version:
2.36.113
CPE:
cpe:2.3:a:gnu:glibc:2.36.113:*:*:*:*:*:*:*
glibc
Version:
2.21
CPE:
cpe:2.3:a:gnu:glibc:2.21:*:*:*:*:*:*:*
glibc
Version:
2.30.9000
CPE:
cpe:2.3:a:gnu:glibc:2.30.9000:*:*:*:*:*:*:*
glibc
Version:
2.26.9000
CPE:
cpe:2.3:a:gnu:glibc:2.26.9000:*:*:*:*:*:*:*
glibc
Version:
2.37.38
CPE:
cpe:2.3:a:gnu:glibc:2.37.38:*:*:*:*:*:*:*
glibc
Version:
2.39.9000
CPE:
cpe:2.3:a:gnu:glibc:2.39.9000:*:*:*:*:*:*:*
glibc
Version:
2.37
CPE:
cpe:2.3:a:gnu:glibc:2.37:*:*:*:*:*:*:*
glibc
Version:
2.32.0
CPE:
cpe:2.3:a:gnu:glibc:2.32.0:*:*:*:*:*:*:*
glibc
Version:
2.33.9000
CPE:
cpe:2.3:a:gnu:glibc:2.33.9000:*:*:*:*:*:*:*
glibc
Version:
2.20
CPE:
cpe:2.3:a:gnu:glibc:2.20:*:*:*:*:*:x86:*
glibc
Version:
2.19.90
CPE:
cpe:2.3:a:gnu:glibc:2.19.90:*:*:*:*:*:*:*
glibc
Version:
2.17
CPE:
cpe:2.3:a:gnu:glibc:2.17:*:*:*:*:*:x86:*
glibc
Version:
2.32.9000
CPE:
cpe:2.3:a:gnu:glibc:2.32.9000:*:*:*:*:*:*:*
glibc
Version:
2.18
CPE:
cpe:2.3:a:gnu:glibc:2.18:*:*:*:*:*:x86:*
glibc
Version:
2.15
CPE:
cpe:2.3:a:gnu:glibc:2.15:*:*:*:*:*:*:*
glibc
Version:
2.38.9000
CPE:
cpe:2.3:a:gnu:glibc:2.38.9000:*:*:*:*:*:*:*
glibc
Version:
2.30
CPE:
cpe:2.3:a:gnu:glibc:2.30:*:*:*:*:*:*:*
glibc
Version:
2.28.9000
CPE:
cpe:2.3:a:gnu:glibc:2.28.9000:*:*:*:*:*:*:*
glibc
Version:
2.29.9000
CPE:
cpe:2.3:a:gnu:glibc:2.29.9000:*:*:*:*:*:*:*
glibc
Version:
2.22
CPE:
cpe:2.3:a:gnu:glibc:2.22:*:*:*:*:*:x86:*
glibc
Version:
2.27.9000
CPE:
cpe:2.3:a:gnu:glibc:2.27.9000:*:*:*:*:*:*:*
glibc
Version:
2.36
CPE:
cpe:2.3:a:gnu:glibc:2.36:*:*:*:*:*:*:*
glibc
Version:
2.20.90
CPE:
cpe:2.3:a:gnu:glibc:2.20.90:*:*:*:*:*:*:*
glibc
Version:
2.29
CPE:
cpe:2.3:a:gnu:glibc:2.29:*:*:*:*:*:x86:*
glibc
Version:
2.37.9000
CPE:
cpe:2.3:a:gnu:glibc:2.37.9000:*:*:*:*:*:*:*
glibc
Version:
2.19
CPE:
cpe:2.3:a:gnu:glibc:2.19:*:*:*:*:*:*:*
glibc
Version:
2.16.90
CPE:
cpe:2.3:a:gnu:glibc:2.16.90:*:*:*:*:*:*:*
glibc
Version:
2.24.90
CPE:
cpe:2.3:a:gnu:glibc:2.24.90:*:*:*:*:*:*:*
glibc
Version:
2.39
CPE:
cpe:2.3:a:gnu:glibc:2.39:*:*:*:*:*:*:*
glibc
Version:
2.28
CPE:
cpe:2.3:a:gnu:glibc:2.28:*:*:*:*:*:x86:*
glibc
Version:
2.22.90
CPE:
cpe:2.3:a:gnu:glibc:2.22.90:*:*:*:*:*:*:*
glibc
Version:
2.31.9000
CPE:
cpe:2.3:a:gnu:glibc:2.31.9000:*:*:*:*:*:*:*
glibc
Version:
2.23.90
CPE:
cpe:2.3:a:gnu:glibc:2.23.90:*:*:*:*:*:*:*
glibc
Version:
2.32
CPE:
cpe:2.3:a:gnu:glibc:2.32:*:*:*:*:*:*:*
glibc
Version:
2.25.90
CPE:
cpe:2.3:a:gnu:glibc:2.25.90:*:*:*:*:*:*:*
glibc
Version:
2.17.90
CPE:
cpe:2.3:a:gnu:glibc:2.17.90:*:*:*:*:*:*:*
glibc
Version:
2.31
CPE:
cpe:2.3:a:gnu:glibc:2.31:*:*:*:*:*:x64:*
glibc
Version:
2.34
CPE:
cpe:2.3:a:gnu:glibc:2.34:*:*:*:*:*:*:*
glibc
Version:
2.27
CPE:
cpe:2.3:a:gnu:glibc:2.27:*:*:*:*:*:x86:*
glibc
Version:
2.38
CPE:
cpe:2.3:a:gnu:glibc:2.38:*:*:*:*:*:*:*
glibc
Version:
2.21.90
CPE:
cpe:2.3:a:gnu:glibc:2.21.90:*:*:*:*:*:*:*
glibc
Version:
2.16
CPE:
cpe:2.3:a:gnu:glibc:2.16:*:*:*:*:*:*:*
glibc
Version:
2.34.9000
CPE:
cpe:2.3:a:gnu:glibc:2.34.9000:*:*:*:*:*:*:*
glibc
Version:
2.25
CPE:
cpe:2.3:a:gnu:glibc:2.25:*:*:*:*:*:*:*
glibc
Version:
2.35.9000
CPE:
cpe:2.3:a:gnu:glibc:2.35.9000:*:*:*:*:*:*:*
glibc
Version:
2.16.0
CPE:
cpe:2.3:a:gnu:glibc:2.16.0:*:*:*:*:*:*:*
glibc
Version:
2.24
CPE:
cpe:2.3:a:gnu:glibc:2.24:*:*:*:*:*:*:*
solidfire_\&_hci_management_node
Version:
-
CPE:
cpe:2.3:a:netapp:solidfire_\&_hci_management_node:-:*:*:*:*:*:*:*
element_software
Version:
-
CPE:
cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*
h700s_firmware
Version:
-
CPE:
cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*
solidfire_\&_hci_storage_node
Version:
-
CPE:
cpe:2.3:a:netapp:solidfire_\&_hci_storage_node:-:*:*:*:*:*:*:*
h500s_firmware
Version:
-
CPE:
cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*
h410s_firmware
Version:
-
CPE:
cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*
h300s_firmware
Version:
-
CPE:
cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*
h410c_firmware
Version:
-
CPE:
cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*
hci_bootstrap_os
Version:
-
CPE:
cpe:2.3:o:netapp:hci_bootstrap_os:-:*:*:*:*:*:*:*
This vulnerability affects 64 software configuration(s). Ensure you patch all affected systems.
Microsoft
2024-Dec-CVE-2024-33602
CVE-2024-33602: None
Severity
Unknown
Released
Oct 17, 2025
Security Update
Microsoft
2024-May-CVE-2024-33602
CVE-2024-33602: nscd: netgroup cache assumes NSS callback uses in-buffer strings
Severity
Unknown
Released
Oct 03, 2025
Security Update
Microsoft
2025-Jul-CVE-2024-33602
CVE-2024-33602: None
Severity
Unknown
Released
Sep 17, 2025
Security Update
Oracle
CPUJAN2025
Oracle Critical Patch Update Advisory - January 2025
Severity
Critical
Released
Jan 21, 2025
Restart Required
Security Update
References & Resources
-
http://www.openwall.com/lists/oss-security/2024/07/22/53ff69d7a-14f2-4f67-a097-88dee7810d18 Mailing List
-
https://lists.debian.org/debian-lts-announce/2024/06/msg00026.html3ff69d7a-14f2-4f67-a097-88dee7810d18 Mailing List Third Party Advisory
-
https://security.netapp.com/advisory/ntap-20240524-0012/3ff69d7a-14f2-4f67-a097-88dee7810d18 Third Party Advisory
-
https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-00083ff69d7a-14f2-4f67-a097-88dee7810d18 Broken Link
-
http://www.openwall.com/lists/oss-security/2024/07/22/5af854a3a-2127-422b-91ae-364da2661108 Mailing List
-
https://lists.debian.org/debian-lts-announce/2024/06/msg00026.htmlaf854a3a-2127-422b-91ae-364da2661108 Mailing List Third Party Advisory
-
https://security.netapp.com/advisory/ntap-20240524-0012/af854a3a-2127-422b-91ae-364da2661108 Third Party Advisory
-
https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0008af854a3a-2127-422b-91ae-364da2661108 Broken Link
Severity Details
7.4
out of 10.0
High
Weakness Type (CWE)
CWE-466
Return of Pointer Value Outside of Expected Range
- Description
- A function can return a pointer to memory that is outside of the buffer that the pointer is expected to reference.
- Typical Severity
- Medium
- Abstraction Level
- Base
Key Information
- Published Date
- May 06, 2024
