{"id":"CVE-2024-33601","summary":"nscd: netgroup cache may terminate daemon on memory allocation failure","details":"nscd: netgroup cache may terminate daemon on memory allocation failure\n\nThe Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc or\nxrealloc and these functions may terminate the process due to a memory\nallocation failure resulting in a denial of service to the clients.  The\nflaw was introduced in glibc 2.15 when the cache was added to nscd.\n\nThis vulnerability is only present in the nscd binary.","modified":"2026-05-18T05:56:04.370165645Z","published":"2024-05-06T19:22:07.763Z","related":["ALSA-2024:3339","ALSA-2024:3344","CGA-3965-xgmf-3r8w","SUSE-SU-2024:1675-1","SUSE-SU-2024:1895-1","SUSE-SU-2024:1895-2","SUSE-SU-2024:1977-1","SUSE-SU-2025:20038-1","openSUSE-SU-2024:13991-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/33xxx/CVE-2024-33601.json","cwe_ids":["CWE-617"],"cna_assigner":"glibc"},"references":[{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2024/07/22/5"},{"type":"WEB","url":"https://cert-portal.siemens.com/productcert/html/ssa-082556.html"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2024/06/msg00026.html"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/33xxx/CVE-2024-33601.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-33601"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20240524-0014/"},{"type":"ADVISORY","url":"https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0007"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/bminor/glibc","events":[{"introduced":"c0da14cdda1fa552262ce3624156194eef43e973"},{"fixed":"3d1aed874918c466a4477af1da35983ab036690e"}],"database_specific":{"source":"CPE_FIELD","extracted_events":[{"introduced":"2.15"},{"fixed":"2.40"}],"cpe":"cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*"}}],"versions":["glibc-2.39.9000","glibc-2.39","glibc-2.38","glibc-2.38.9000","glibc-2.37","glibc-2.37.9000","glibc-2.36","glibc-2.36.9000","glibc-2.35","glibc-2.35.9000","glibc-2.34","glibc-2.34.9000","glibc-2.33","glibc-2.33.9000","glibc-2.32","glibc-2.32.9000","glibc-2.31","glibc-2.31.9000","changelog-ends-here","glibc-2.30","glibc-2.30.9000","glibc-2.29","glibc-2.29.9000","glibc-2.28","glibc-2.28.9000","glibc-2.27","glibc-2.27.9000","glibc-2.26","glibc-2.26.9000","glibc-2.25","glibc-2.25.90","glibc-2.24","glibc-2.24.90","glibc-2.23","glibc-2.23.90","glibc-2.22","glibc-2.22.90","glibc-2.21","glibc-2.21.90","glibc-2.20","glibc-2.20.90","glibc-2.19","glibc-2.19.90","glibc-2.18","glibc-2.18.90","glibc-2.17","glibc-2.17.90","glibc-2.16.0","glibc-2.16.90","glibc-2.16-ports-merge","glibc-2.16","glibc-2.16-tps","glibc-2.15"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-33601.json"}},{"ranges":[{"type":"GIT","repo":"https://sourceware.org/git/glibc.git","events":[{"introduced":"c0da14cdda1fa552262ce3624156194eef43e973"},{"fixed":"3d1aed874918c466a4477af1da35983ab036690e"}],"database_specific":{"source":"CPE_FIELD","extracted_events":[{"introduced":"2.15"},{"fixed":"2.40"}],"cpe":"cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*"}}],"versions":["glibc-2.39.9000","glibc-2.39","glibc-2.38","glibc-2.38.9000","glibc-2.37","glibc-2.37.9000","glibc-2.36","glibc-2.36.9000","glibc-2.35","glibc-2.35.9000","glibc-2.34","glibc-2.34.9000","glibc-2.33","glibc-2.33.9000","glibc-2.32","glibc-2.32.9000","glibc-2.31","glibc-2.31.9000","changelog-ends-here","glibc-2.30","glibc-2.30.9000","glibc-2.29","glibc-2.29.9000","glibc-2.28","glibc-2.28.9000","glibc-2.27","glibc-2.27.9000","glibc-2.26","glibc-2.26.9000","glibc-2.25","glibc-2.25.90","glibc-2.24","glibc-2.24.90","glibc-2.23","glibc-2.23.90","glibc-2.22","glibc-2.22.90","glibc-2.21","glibc-2.21.90","glibc-2.20","glibc-2.20.90","glibc-2.19","glibc-2.19.90","glibc-2.18","glibc-2.18.90","glibc-2.17","glibc-2.17.90","glibc-2.16.0","glibc-2.16.90","glibc-2.16-ports-merge","glibc-2.16","glibc-2.16-tps","glibc-2.15"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-33601.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}]}