CVE Vulnerabilities

CVE-2024-33601

Reachable Assertion

Published: May 06, 2024 | Modified: Jul 22, 2024
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
RedHat/V2
RedHat/V3
4 LOW
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Ubuntu
MEDIUM

nscd: netgroup cache may terminate daemon on memory allocation failure

The Name Service Cache Daemons (nscd) netgroup cache uses xmalloc or xrealloc and these functions may terminate the process due to a memory allocation failure resulting in a denial of service to the clients. The flaw was introduced in glibc 2.15 when the cache was added to nscd.

This vulnerability is only present in the nscd binary.

Weakness

The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.

Affected Software

Name Vendor Start Version End Version
Red Hat Enterprise Linux 7 RedHat glibc-0:2.17-326.el7_9.3 *
Red Hat Enterprise Linux 8 RedHat glibc-0:2.28-251.el8_10.2 *
Red Hat Enterprise Linux 8 RedHat glibc-0:2.28-251.el8_10.2 *
Red Hat Enterprise Linux 8.2 Advanced Update Support RedHat glibc-0:2.28-101.el8_2.2 *
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support RedHat glibc-0:2.28-151.el8_4.2 *
Red Hat Enterprise Linux 8.4 Telecommunications Update Service RedHat glibc-0:2.28-151.el8_4.2 *
Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions RedHat glibc-0:2.28-151.el8_4.2 *
Red Hat Enterprise Linux 8.6 Extended Update Support RedHat glibc-0:2.28-189.10.el8_6 *
Red Hat Enterprise Linux 8.8 Extended Update Support RedHat glibc-0:2.28-225.el8_8.11 *
Red Hat Enterprise Linux 9 RedHat glibc-0:2.34-100.el9_4.2 *
Red Hat Enterprise Linux 9 RedHat glibc-0:2.34-100.el9_4.2 *
Red Hat Enterprise Linux 9.0 Extended Update Support RedHat glibc-0:2.34-28.el9_0.6 *
Red Hat Enterprise Linux 9.2 Extended Update Support RedHat glibc-0:2.34-60.el9_2.14 *
Red Hat Virtualization 4 for Red Hat Enterprise Linux 8 RedHat glibc-0:2.28-189.10.el8_6 *
Service Interconnect 1.4 for RHEL 9 RedHat service-interconnect/skupper-config-sync-rhel9:1.4.5-2 *
Service Interconnect 1.4 for RHEL 9 RedHat service-interconnect/skupper-flow-collector-rhel9:1.4.5-2 *
Service Interconnect 1.4 for RHEL 9 RedHat service-interconnect/skupper-operator-bundle:1.4.5-4 *
Service Interconnect 1.4 for RHEL 9 RedHat service-interconnect/skupper-router-rhel9:2.4.3-4 *
Service Interconnect 1.4 for RHEL 9 RedHat service-interconnect/skupper-service-controller-rhel9:1.4.5-2 *
Service Interconnect 1.4 for RHEL 9 RedHat service-interconnect/skupper-site-controller-rhel9:1.4.5-2 *
Glibc Ubuntu esm-infra/bionic *
Glibc Ubuntu esm-infra/xenial *
Glibc Ubuntu focal *
Glibc Ubuntu jammy *
Glibc Ubuntu mantic *
Glibc Ubuntu noble *

Extended Description

While assertion is good for catching logic errors and reducing the chances of reaching more serious vulnerability conditions, it can still lead to a denial of service. For example, if a server handles multiple simultaneous connections, and an assert() occurs in one single connection that causes all other connections to be dropped, this is a reachable assertion that leads to a denial of service.

Potential Mitigations

References