CVE-2024-33602
Publication date 6 May 2024
Last updated 24 July 2024
Ubuntu priority
nscd: netgroup cache assumes NSS callback uses in-buffer strings The Name Service Cache Daemon's (nscd) netgroup cache can corrupt memory when the NSS callback does not store all strings in the provided buffer. The flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary.
Status
Package | Ubuntu Release | Status |
---|---|---|
eglibc | 24.10 oracular | Not in release |
24.04 LTS noble | Not in release | |
22.04 LTS jammy | Not in release | |
20.04 LTS focal | Not in release | |
14.04 LTS trusty | Ignored end of ESM support, was needs-triage | |
glibc | 24.10 oracular |
Needs evaluation
|
24.04 LTS noble |
Fixed 2.39-0ubuntu8.2
|
|
22.04 LTS jammy |
Fixed 2.35-0ubuntu3.8
|
|
20.04 LTS focal |
Fixed 2.31-0ubuntu9.16
|
|
18.04 LTS bionic |
Fixed 2.27-3ubuntu1.6+esm3
|
|
16.04 LTS xenial |
Fixed 2.23-0ubuntu11.3+esm7
|
Get expanded security coverage with Ubuntu Pro
Reduce your average CVE exposure time from 98 days to 1 day with expanded CVE patching, ten-years security maintenance and optional support for the full stack of open-source applications. Free for personal use.
Get Ubuntu ProNotes
Patch details
References
Related Ubuntu Security Notices (USN)
- USN-6804-1
- GNU C Library vulnerabilities
- 31 May 2024