The nameserver caching daemon (nscd) in the GNU C Library (aka glibc or libc6) 2.29 through 2.33, when processing a request for netgroup lookup, may crash due to a double-free, potentially resulting in degraded service or Denial of Service on the local system. This is related to netgroupcache.c.
Weakness
The product calls free() twice on the same memory address.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Glibc | Gnu | 2.29 (including) | 2.33 (including) |
| Red Hat Enterprise Linux 8 | RedHat | glibc-0:2.28-164.el8 | * |
| Red Hat Enterprise Linux 8 | RedHat | glibc-0:2.28-164.el8 | * |
| Eglibc | Ubuntu | trusty | * |
| Glibc | Ubuntu | esm-infra/focal | * |
| Glibc | Ubuntu | focal | * |
| Glibc | Ubuntu | groovy | * |
| Glibc | Ubuntu | trusty | * |
| Glibc | Ubuntu | xenial | * |
Potential Mitigations
References
- https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7LZNT6KTMCCWPWXEOGSHD3YLYZKUGMH5/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I7TS26LIZSOBLGJEZMJX4PXT5BQDE2WS/
- https://security.gentoo.org/glsa/202107-07
- https://sourceware.org/bugzilla/show_bug.cgi?id=27462
- https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7LZNT6KTMCCWPWXEOGSHD3YLYZKUGMH5/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I7TS26LIZSOBLGJEZMJX4PXT5BQDE2WS/
- https://security.gentoo.org/glsa/202107-07
- https://sourceware.org/bugzilla/show_bug.cgi?id=27462