CVE-2024-33600 — MEDIUM (5.9)

Q: How severe is CVE-2024-33600?

CVE-2024-33600 has been rated MEDIUM with a CVSS base score of 5.9/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2024-33600?

Check the references section above for vendor advisories and patch information. Affected products include: Gnu Glibc, Debian Debian Linux, Netapp Active Iq Unified Manager, Netapp H300S Firmware, Netapp H300S.

Vulnerability Description

nscd: Null pointer crashes after notfound response If the Name Service Cache Daemon's (nscd) cache fails to add a not-found netgroup response to the cache, the client request can result in a null pointer dereference. This flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary.

CVSS Score

5.9

MEDIUM

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Gnu	Glibc	>= 2.15, < 2.40
Debian	Debian Linux	10.0
Netapp	Active Iq Unified Manager	-
Netapp	H300S Firmware	-
Netapp	H300S	-
Netapp	H500S Firmware	-
Netapp	H500S	-
Netapp	H700S Firmware	-
Netapp	H700S	-
Netapp	H410S Firmware	-
Netapp	H410S	-
Netapp	H410C Firmware	-
Netapp	H410C	-
Netapp	H610C Firmware	-
Netapp	H610C	-
Netapp	H610S Firmware	-
Netapp	H610S	-
Netapp	H615C Firmware	-
Netapp	H615C	-
Netapp	Hci Bootstrap Os	-

Related Weaknesses (CWE)

CWE-476

References

http://www.openwall.com/lists/oss-security/2024/07/22/5Mailing ListThird Party Advisory
https://lists.debian.org/debian-lts-announce/2024/06/msg00026.htmlMailing ListThird Party Advisory
https://security.netapp.com/advisory/ntap-20240524-0013/Third Party Advisory
https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0006Broken Link
http://www.openwall.com/lists/oss-security/2024/07/22/5Mailing ListThird Party Advisory
https://lists.debian.org/debian-lts-announce/2024/06/msg00026.htmlMailing ListThird Party Advisory
https://security.netapp.com/advisory/ntap-20240524-0013/Third Party Advisory
https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0006Broken Link
https://cert-portal.siemens.com/productcert/html/ssa-082556.html

FAQ

What is CVE-2024-33600?

CVE-2024-33600 is a vulnerability with a CVSS score of 5.9 (MEDIUM). nscd: Null pointer crashes after notfound response If the Name Service Cache Daemon's (nscd) cache fails to add a not-found netgroup response to the cache, the client request can result in a null poi...

How severe is CVE-2024-33600?

CVE-2024-33600 has been rated MEDIUM with a CVSS base score of 5.9/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-33600?

Check the references section above for vendor advisories and patch information. Affected products include: Gnu Glibc, Debian Debian Linux, Netapp Active Iq Unified Manager, Netapp H300S Firmware, Netapp H300S.