ГлавнаяУязвимости → CVE-2024-33602
7.4высокая

CVE-2024-33602

→ есть в БДУ: BDU:2024-03601 (на русском)
Описание (на английском; русское — в БДУ выше)

nscd: netgroup cache assumes NSS callback uses in-buffer strings The Name Service Cache Daemon's (nscd) netgroup cache can corrupt memory when the NSS callback does not store all strings in the provided buffer. The flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary.

Затрагиваемое ПО
Gnu GlibcDebian Debian linuxNetapp H300s firmwareNetapp H300sNetapp H500s firmwareNetapp H500sNetapp H700s firmwareNetapp H700sNetapp H410s firmwareNetapp H410sNetapp H410c firmwareNetapp H410cNetapp Element softwareNetapp Solidfire \& hci management nodeNetapp Solidfire \& hci storage nodeNetapp Hci bootstrap os
CVSS
Балл7.4 — высокая
ВекторCVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Источники
http://www.openwall.com/lists/oss-security/2024/07/22/5https://lists.debian.org/debian-lts-announce/2024/06/msg00026.htmlhttps://security.netapp.com/advisory/ntap-20240524-0012/https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0008http://www.openwall.com/lists/oss-security/2024/07/22/5https://lists.debian.org/debian-lts-announce/2024/06/msg00026.htmlhttps://security.netapp.com/advisory/ntap-20240524-0012/https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0008