acrypthash👨🏻‍💻May 4, 2024
Harry Sintonen

Several vulnerabilities have been discovered in #nscd, the Name Service Cache Daemon in the #glibc which may lead to denial of service or the execution of arbitrary code.

The vulnerability details:
- CVE-2024-33599: https://sourceware.org/bugzilla/show_bug.cgi?id=31677
- CVE-2024-33600: https://sourceware.org/bugzilla/show_bug.cgi?id=31678
- CVE-2024-33601: https://sourceware.org/bugzilla/show_bug.cgi?id=31679
- CVE-2024-33602: https://sourceware.org/bugzilla/show_bug.cgi?id=31680

https://lists.debian.org/debian-security-announce/2024/msg00087.html #vulnerability #infosec #cybersecurity #CVE202433599 #CVE202433600 #CVE202433601 #CVE202433602

31677 – (CVE-2024-33599) nscd: netgroup cache: invalid memcpy under low memory/storage conditions

May 3, 2024 at 8:58pmWeb
Show threadMatt PalmerMay 4, 2024
@harrysintonen @screaminggoat thankfully it looks like it won't be vulnerable in default configurations, because all the CVEs mention the netgroup service, which isn't commonly used.
Show threadHarry SintonenMay 4, 2024
@womble @screaminggoat That looks like to be the case, indeed.