CVE-2024-33601

nscd: netgroup cache may terminate daemon on memory allocation failure The Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc or xrealloc and these functions may terminate the process due to a memory allocation failure resulting in a denial of service to the clients. The flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary.

CVSS v3 7.3 HIGH

7.3^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
http://www.openwall.com/lists/oss-security/2024/07/22/5	Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2024/06/msg00026.html	Mailing List Third Party Advisory
https://security.netapp.com/advisory/ntap-20240524-0014/	Third Party Advisory
https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0007	Broken Link
http://www.openwall.com/lists/oss-security/2024/07/22/5	Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2024/06/msg00026.html	Mailing List Third Party Advisory
https://security.netapp.com/advisory/ntap-20240524-0014/	Third Party Advisory
https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0007	Broken Link

Configurations

Configuration 1 (hide)

cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:h:netapp:h610c:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:netapp:h610s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h610s:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:netapp:h615c_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h615c:-:*:*:*:*:*:*:*

Configuration 11 (hide)

cpe:2.3:o:netapp:hci_bootstrap_os:-:*:*:*:*:*:*:*

History

18 Jun 2025, 14:44

Type	Values Removed	Values Added
CPE		cpe:2.3:o:netapp:h700s_firmware:-:::::::* cpe:2.3:o:netapp:h410s_firmware:-:::::::* cpe:2.3:h:netapp:h500s:-:::::::* cpe:2.3:a:gnu:glibc:::::::: cpe:2.3:h:netapp:h410c:-:::::::* cpe:2.3:h:netapp:h610c:-:::::::* cpe:2.3:o:netapp:h410c_firmware:-:::::::* cpe:2.3:h:netapp:h610s:-:::::::* cpe:2.3:o:debian:debian_linux:10.0:::::::* cpe:2.3:h:netapp:h410s:-:::::::* cpe:2.3:o:netapp:h615c_firmware:-:::::::* cpe:2.3:o:netapp:h300s_firmware:-:::::::* cpe:2.3:o:netapp:h610s_firmware:-:::::::* cpe:2.3:h:netapp:h615c:-:::::::* cpe:2.3:o:netapp:h500s_firmware:-:::::::* cpe:2.3:o:netapp:hci_bootstrap_os:-:::::::* cpe:2.3:h:netapp:h300s:-:::::::* cpe:2.3:h:netapp:h700s:-:::::::*
First Time		Netapp h500s Firmware Netapp Debian Gnu glibc Netapp h410s Firmware Netapp h700s Firmware Netapp h610s Firmware Netapp h410c Netapp h500s Netapp h615c Firmware Debian debian Linux Netapp h300s Netapp h300s Firmware Netapp h410s Gnu Netapp h410c Firmware Netapp h610c Netapp h610s Netapp hci Bootstrap Os Netapp h700s Netapp h615c
References	~~() http://www.openwall.com/lists/oss-security/2024/07/22/5 -~~	() http://www.openwall.com/lists/oss-security/2024/07/22/5 - Mailing List, Third Party Advisory
References	~~() https://lists.debian.org/debian-lts-announce/2024/06/msg00026.html -~~	() https://lists.debian.org/debian-lts-announce/2024/06/msg00026.html - Mailing List, Third Party Advisory
References	~~() https://security.netapp.com/advisory/ntap-20240524-0014/ -~~	() https://security.netapp.com/advisory/ntap-20240524-0014/ - Third Party Advisory
References	~~() https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0007 -~~	() https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0007 - Broken Link

18 Mar 2025, 14:15

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.3

21 Feb 2025, 17:15

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~7.5~~	v2 : unknown v3 : unknown

13 Feb 2025, 18:18

Type	Values Removed	Values Added
Summary	(en) nscd: netgroup cache may terminate daemon on memory allocation failure The Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc or xrealloc and these functions may terminate the process due to a memory allocation failure resulting in a denial of service to the clients. The flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary.	(en) nscd: netgroup cache may terminate daemon on memory allocation failure The Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc or xrealloc and these functions may terminate the process due to a memory allocation failure resulting in a denial of service to the clients. The flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary.

21 Nov 2024, 09:17

Type	Values Removed	Values Added
References	~~() http://www.openwall.com/lists/oss-security/2024/07/22/5 -~~	() http://www.openwall.com/lists/oss-security/2024/07/22/5 -
References	~~() https://lists.debian.org/debian-lts-announce/2024/06/msg00026.html -~~	() https://lists.debian.org/debian-lts-announce/2024/06/msg00026.html -
References	~~() https://security.netapp.com/advisory/ntap-20240524-0014/ -~~	() https://security.netapp.com/advisory/ntap-20240524-0014/ -
References	~~() https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0007 -~~	() https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0007 -

22 Jul 2024, 18:15

Type	Values Removed	Values Added
References		() http://www.openwall.com/lists/oss-security/2024/07/22/5 -

03 Jul 2024, 01:58

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.5

30 Jun 2024, 15:15

Type	Values Removed	Values Added
References		() https://lists.debian.org/debian-lts-announce/2024/06/msg00026.html -

10 Jun 2024, 18:15

Type	Values Removed	Values Added
References		() https://security.netapp.com/advisory/ntap-20240524-0014/ -

07 May 2024, 13:39

Type	Values Removed	Values Added
Summary		(es) nscd: la caché de netgroup puede terminar el daemon ante una falla en la asignación de memoria La caché de netgroup del daemon de caché del servicio de nombres (nscd) usa xmalloc o xrealloc y estas funciones pueden terminar el proceso debido a una falla en la asignación de memoria que resulta en una denegación de servicio a los clientes. La falla se introdujo en glibc 2.15 cuando se agregó el caché a nscd. Esta vulnerabilidad sólo está presente en el binario nscd.

06 May 2024, 20:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-05-06 20:15

Updated : 2025-06-18 14:44

NVD link : CVE-2024-33601

Mitre link : CVE-2024-33601

CVE.ORG link : CVE-2024-33601

JSON object : View

Products Affected

netapp

h700s_firmware
h410s_firmware
h700s
h615c
hci_bootstrap_os
h500s
h410s
h610c
h410c
h300s
h410c_firmware
h610s_firmware
h610s
h615c_firmware
h300s_firmware
h500s_firmware

debian

debian_linux

gnu

glibc

CWE

CWE-617

Reachable Assertion

{"id": "CVE-2024-33601", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.3, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 3.4, "exploitabilityScore": 3.9}]}, "published": "2024-05-06T20:15:11.603", "references": [{"url": "http://www.openwall.com/lists/oss-security/2024/07/22/5", "tags": ["Mailing List", "Third Party Advisory"], "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18"}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00026.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18"}, {"url": "https://security.netapp.com/advisory/ntap-20240524-0014/", "tags": ["Third Party Advisory"], "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18"}, {"url": "https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0007", "tags": ["Broken Link"], "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18"}, {"url": "http://www.openwall.com/lists/oss-security/2024/07/22/5", "tags": ["Mailing List", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00026.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://security.netapp.com/advisory/ntap-20240524-0014/", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0007", "tags": ["Broken Link"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "description": [{"lang": "en", "value": "CWE-617"}]}], "descriptions": [{"lang": "en", "value": "nscd: netgroup cache may terminate daemon on memory allocation failure\n\nThe Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc or\nxrealloc and these functions may terminate the process due to a memory\nallocation failure resulting in a denial of service to the clients. The\nflaw was introduced in glibc 2.15 when the cache was added to nscd.\n\nThis vulnerability is only present in the nscd binary."}, {"lang": "es", "value": "nscd: la cach\u00e9 de netgroup puede terminar el daemon ante una falla en la asignaci\u00f3n de memoria La cach\u00e9 de netgroup del daemon de cach\u00e9 del servicio de nombres (nscd) usa xmalloc o xrealloc y estas funciones pueden terminar el proceso debido a una falla en la asignaci\u00f3n de memoria que resulta en una denegaci\u00f3n de servicio a los clientes. La falla se introdujo en glibc 2.15 cuando se agreg\u00f3 el cach\u00e9 a nscd. Esta vulnerabilidad s\u00f3lo est\u00e1 presente en el binario nscd."}], "lastModified": "2025-06-18T14:44:19.073", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D95E16DA-1F17-4B1B-B231-7A4DEDA8C7BA", "versionEndExcluding": "2.40", "versionStartIncluding": "2.15"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6770B6C3-732E-4E22-BF1C-2D2FD610061C"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "9F9C8C20-42EB-4AB5-BD97-212DEB070C43"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7FFF7106-ED78-49BA-9EC5-B889E3685D53"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "56409CEC-5A1E-4450-AA42-641E459CC2AF"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B06F4839-D16A-4A61-9BB5-55B13F41E47F"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D0B4AD8A-F172-4558-AEC6-FF424BA2D912"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "8497A4C9-8474-4A62-8331-3FE862ED4098"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "234DEFE0-5CE5-4B0A-96B8-5D227CB8ED31"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "CDDF61B7-EC5C-467C-B710-B89F502CD04F"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netapp:h610c:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F3D9B255-C1AF-42D1-BF9B-13642FBDC080"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netapp:h610s_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FD7CFE0E-9D1E-4495-B302-89C3096FC0DF"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netapp:h610s:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F63A3FA7-AAED-4A9D-9FDE-6195302DA0F6"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netapp:h615c_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5921A877-18BF-43FE-915C-D226E140ACFC"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netapp:h615c:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "7296A1F2-D315-4FD5-8A73-65C480C855BE"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netapp:hci_bootstrap_os:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1C767AA1-88B7-48F0-9F31-A89D16DCD52C"}], "operator": "OR"}]}], "sourceIdentifier": "3ff69d7a-14f2-4f67-a097-88dee7810d18"}

7.3 /10