{"id":"MGASA-2024-0173","summary":"Updated glibc packages fix security vulnerabilities","details":"Stack-based buffer overflow in netgroup cache: If the Name Service Cache\nDaemon's (nscd) fixed size cache is exhausted by client requests then a\nsubsequent client request for netgroup data may result in a stack-based\nbuffer overflow. (CVE-2024-33599)\nNull pointer crashes after notfound response: If the Name Service Cache\nDaemon's (nscd) cache fails to add a not-found netgroup response to the\ncache, the client request can result in a null pointer dereference.\n(CVE-2024-33600)\nNetgroup cache may terminate daemon on memory allocation failure: The\nName Service Cache Daemon's (nscd) netgroup cache uses xmalloc or\nxrealloc and these functions may terminate the process due to a memory\nallocation failure resulting in a denial of service to the clients.\n(CVE-2024-33601)\nNetgroup cache assumes NSS callback uses in-buffer strings: The Name\nService Cache Daemon's (nscd) netgroup cache can corrupt memory when the\nNSS callback does not store all strings in the provided buffer.\n(CVE-2024-33602)\n","modified":"2026-04-16T04:44:11.887625963Z","published":"2024-05-10T16:09:48Z","upstream":["CVE-2024-33599","CVE-2024-33600","CVE-2024-33601","CVE-2024-33602"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2024-0173.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=33185"}],"affected":[{"package":{"name":"glibc","ecosystem":"Mageia:9","purl":"pkg:rpm/mageia/glibc?arch=source&distro=mageia-9"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.36-54.mga9"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2024-0173.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}