CVE-2024-33601 — HIGH (7.3)

Q: How severe is CVE-2024-33601?

CVE-2024-33601 has been rated HIGH with a CVSS base score of 7.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2024-33601?

Check the references section above for vendor advisories and patch information. Affected products include: Gnu Glibc, Debian Debian Linux, Netapp H300S Firmware, Netapp H300S, Netapp H500S Firmware.

Vulnerability Description

nscd: netgroup cache may terminate daemon on memory allocation failure The Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc or xrealloc and these functions may terminate the process due to a memory allocation failure resulting in a denial of service to the clients. The flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary.

CVSS Score

7.3

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

LOW

Availability

LOW

Affected Products

Vendor	Product	Versions
Gnu	Glibc	>= 2.15, < 2.40
Debian	Debian Linux	10.0
Netapp	H300S Firmware	-
Netapp	H300S	-
Netapp	H500S Firmware	-
Netapp	H500S	-
Netapp	H700S Firmware	-
Netapp	H700S	-
Netapp	H410S Firmware	-
Netapp	H410S	-
Netapp	H410C Firmware	-
Netapp	H410C	-
Netapp	H610C Firmware	-
Netapp	H610C	-
Netapp	H615C Firmware	-
Netapp	H615C	-
Netapp	H610S Firmware	-
Netapp	H610S	-
Netapp	Hci Bootstrap Os	-
Netapp	Hci Compute Node	-

Related Weaknesses (CWE)

CWE-617

References

http://www.openwall.com/lists/oss-security/2024/07/22/5Mailing ListThird Party Advisory
https://lists.debian.org/debian-lts-announce/2024/06/msg00026.htmlMailing ListThird Party Advisory
https://security.netapp.com/advisory/ntap-20240524-0014/Third Party Advisory
https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0007Broken Link
http://www.openwall.com/lists/oss-security/2024/07/22/5Mailing ListThird Party Advisory
https://lists.debian.org/debian-lts-announce/2024/06/msg00026.htmlMailing ListThird Party Advisory
https://security.netapp.com/advisory/ntap-20240524-0014/Third Party Advisory
https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0007Broken Link
https://cert-portal.siemens.com/productcert/html/ssa-082556.html

FAQ

What is CVE-2024-33601?

CVE-2024-33601 is a vulnerability with a CVSS score of 7.3 (HIGH). nscd: netgroup cache may terminate daemon on memory allocation failure The Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc or xrealloc and these functions may terminate the process due...

How severe is CVE-2024-33601?

CVE-2024-33601 has been rated HIGH with a CVSS base score of 7.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-33601?

Check the references section above for vendor advisories and patch information. Affected products include: Gnu Glibc, Debian Debian Linux, Netapp H300S Firmware, Netapp H300S, Netapp H500S Firmware.