CVE-2024-33599: nscd: Stack-based buffer overflow in netgroup cache

Published Apr 25, 2024

A stack-based buffer overflow in nscd was reported and assigned CVE-2024-33599.

Reference: https://sourceware.org/bugzilla/show_bug.cgi?id=31677

---

nscd/netgroupcache.c (addinnetgrX):

      struct indataset
      {
        struct datahead head;
        innetgroup_response_header resp;
      } *dataset
          = (struct indataset *) mempool_alloc (db,
                                                sizeof (*dataset) + req->key_len,
                                                1);

The problem starts when mempool_alloc fails and returns NULL.

This is possible if posix_fallocate fails and the retry fails.

      struct indataset dataset_mem;
      bool cacheable = true;
      if (__glibc_unlikely (dataset == NULL))
        {
          cacheable = false;
          dataset = &dataset_mem;

This stack structure has no room for the req->key_len bytes of key material.

        }

      datahead_init_pos (&dataset->head, sizeof (*dataset) + req->key_len,
                         sizeof (innetgroup_response_header),
                         he == NULL ? 0 : dh->nreloads + 1, result->head.ttl);
      /* Set the notfound status and timeout based on the result from
         getnetgrent.  */
      dataset->head.notfound = result->head.notfound;
      dataset->head.timeout = timeout;

      dataset->resp.version = NSCD_VERSION;
      dataset->resp.found = result->resp.found;
      /* Until we find a matching entry the result is 0.  */
      dataset->resp.result = 0;

      char *key_copy = memcpy ((char *) (dataset + 1), group, req->key_len);

This copies up to req->key_len bytes of key material into a structure that has no storage space for it.

This was detected by static code analysis.

It only happens when the database runs out of memory/storage while expanding the netgroup cache.

The group entries overwrite other data on the stack after dataset_mem.

If this is impacting the use of the application, the workaround is not to cache the netgroup.
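The sizing mistake described above, reduced to a self-contained model, as an added example (not glibc's code and not the upstream fix). The struct fields, `MAX_KEY`, `entry_buf`, `fits` and `build_entry` are constructed for illustration; `pool_exhausted` stands in for mempool_alloc returning NULL.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Simplified stand-ins for the nscd types; the fields are constructed.  */
struct datahead { size_t allocsize; bool notfound; };
struct indataset { struct datahead head; int32_t result; };

#define MAX_KEY 64  /* hypothetical key-length cap for this sketch */

/* Header plus room for the key that is copied to the bytes after it.  */
union entry_buf
{
  struct indataset d;
  unsigned char raw[sizeof (struct indataset) + MAX_KEY];
};

/* True if a destination of dest_size bytes can hold header + key.  */
static bool fits (size_t dest_size, size_t key_len)
{
  return dest_size >= sizeof (struct indataset)
         && key_len <= dest_size - sizeof (struct indataset);
}

enum outcome { REFUSED = -1, UNCACHED = 0, CACHED = 1 };

/* pool_exhausted models mempool_alloc returning NULL.  */
static enum outcome build_entry (bool pool_exhausted, const char *group,
                                 size_t key_len)
{
  static union entry_buf pool;  /* stands in for the cache database */
  union entry_buf fallback;     /* stack storage that includes key space */
  union entry_buf *buf = pool_exhausted ? NULL : &pool;
  bool cacheable = buf != NULL;

  if (buf == NULL)
    buf = &fallback;
  /* Check against the storage actually in use before copying.  */
  if (!fits (sizeof *buf, key_len))
    return REFUSED;

  buf->d.head.allocsize = sizeof (struct indataset) + key_len;
  buf->d.result = 0;
  memcpy (buf->raw + sizeof (struct indataset), group, key_len);
  return cacheable ? CACHED : UNCACHED;
}

int main (void)
{
  return build_entry (true, "netgroup", sizeof "netgroup") == UNCACHED ? 0 : 1;
}
```

Calling `fits (sizeof (struct indataset), 1)` returns false: a fallback declared as the bare struct, as dataset_mem is, cannot hold even one byte of key.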

Other sources

glibc is vulnerable to a stack-based buffer overflow, caused by improper bounds checking when the Name Service Cache Daemon's (nscd) fixed size cache is exhausted by client requests. By sending a subsequent client request, a remote attacker could exploit this vulnerability to overflow a buffer and execute arbitrary code on the system.

IBM

nscd: Stack-based buffer overflow in netgroup cache

If the Name Service Cache Daemon's (nscd) fixed size cache is exhausted by client requests then a subsequent client request for netgroup data may result in a stack-based buffer overflow. This flaw was introduced in glibc 2.15 when the cache was added to nscd.

This vulnerability is only present in the nscd binary.

NVD

Affected Software

15 affected components. Fixes available.
debian/glibc: 2.31-13+deb11u11, 2.31-13+deb11u10, 2.36-9+deb12u8, 2.36-9+deb12u7, 2.40-2
GNU glibc >=2.15 <2.40
Debian Debian Linux =10.0
All of the following: NetApp H300s Firmware, NetApp H300s
All of the following: NetApp H500s Firmware, NetApp H500s
All of the following: NetApp H700s Firmware, NetApp H700s
All of the following: NetApp H410s Firmware, NetApp H410s
All of the following: NetApp H410c Firmware, NetApp H410c
NetApp Hci Bootstrap Os
IBM QRadar Network Packet Capture <=7.5.0 - 7.5.0 Update Package 7

Event History

Apr 25, 2024
Data Sourced via Red Hat · 05:24 PM: Description, Severity, Affected Software
May 6, 2024
CVE Published via MITRE · 07:21 PM
Data Sourced via MITRE · 07:21 PM: Description, Weakness
Data Sourced via NVD · 08:15 PM: Description, Weakness
Data Sourced via NVD · 08:15 PM: Severity, Affected Software
Jun 28, 2024
Data Sourced via Launchpad · 03:14 PM: Description
Jul 23, 2024
Data Sourced via IBM · 12:00 AM: Description, Severity, Affected Software
Sep 16, 2024
Data Sourced via Ubuntu · 03:25 PM: Remedy, Description, Severity, Affected Software

Frequently Asked Questions

1. What is the severity of CVE-2024-33599?

CVE-2024-33599 is classified as a high-severity vulnerability due to its stack-based buffer overflow nature.

2. How do I fix CVE-2024-33599?

To mitigate CVE-2024-33599, update to the latest versions of glibc as recommended in security advisories.

3. Which products are affected by CVE-2024-33599?

CVE-2024-33599 affects IBM QRadar Network Packet Capture version 7.5.0 - 7.5.0 Update Package 7 and certain versions of the glibc package.

4. What type of vulnerability is CVE-2024-33599?

CVE-2024-33599 is a stack-based buffer overflow vulnerability that may allow attackers to execute arbitrary code.

5. Are there any known exploits for CVE-2024-33599?

As of now, there are no public exploits available for CVE-2024-33599, but the vulnerability's high severity means potential risk exists.
