nscd: netgroup cache may terminate daemon on memory allocation failure
The Name Service Cache Daemons (nscd) netgroup cache uses xmalloc or xrealloc and these functions may terminate the process due to a memory allocation failure resulting in a denial of service to the clients. The flaw was introduced in glibc 2.15 when the cache was added to nscd.
This vulnerability is only present in the nscd binary.
The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Red Hat Enterprise Linux 7 | RedHat | glibc-0:2.17-326.el7_9.3 | * |
| Red Hat Enterprise Linux 8 | RedHat | glibc-0:2.28-251.el8_10.2 | * |
| Red Hat Enterprise Linux 8 | RedHat | glibc-0:2.28-251.el8_10.2 | * |
| Red Hat Enterprise Linux 8.2 Advanced Update Support | RedHat | glibc-0:2.28-101.el8_2.2 | * |
| Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support | RedHat | glibc-0:2.28-151.el8_4.2 | * |
| Red Hat Enterprise Linux 8.4 Telecommunications Update Service | RedHat | glibc-0:2.28-151.el8_4.2 | * |
| Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions | RedHat | glibc-0:2.28-151.el8_4.2 | * |
| Red Hat Enterprise Linux 8.6 Extended Update Support | RedHat | glibc-0:2.28-189.10.el8_6 | * |
| Red Hat Enterprise Linux 8.8 Extended Update Support | RedHat | glibc-0:2.28-225.el8_8.11 | * |
| Red Hat Enterprise Linux 9 | RedHat | glibc-0:2.34-100.el9_4.2 | * |
| Red Hat Enterprise Linux 9 | RedHat | glibc-0:2.34-100.el9_4.2 | * |
| Red Hat Enterprise Linux 9.0 Extended Update Support | RedHat | glibc-0:2.34-28.el9_0.6 | * |
| Red Hat Enterprise Linux 9.2 Extended Update Support | RedHat | glibc-0:2.34-60.el9_2.14 | * |
| Red Hat Virtualization 4 for Red Hat Enterprise Linux 8 | RedHat | glibc-0:2.28-189.10.el8_6 | * |
| Service Interconnect 1.4 for RHEL 9 | RedHat | service-interconnect/skupper-config-sync-rhel9:1.4.5-2 | * |
| Service Interconnect 1.4 for RHEL 9 | RedHat | service-interconnect/skupper-flow-collector-rhel9:1.4.5-2 | * |
| Service Interconnect 1.4 for RHEL 9 | RedHat | service-interconnect/skupper-operator-bundle:1.4.5-4 | * |
| Service Interconnect 1.4 for RHEL 9 | RedHat | service-interconnect/skupper-router-rhel9:2.4.3-4 | * |
| Service Interconnect 1.4 for RHEL 9 | RedHat | service-interconnect/skupper-service-controller-rhel9:1.4.5-2 | * |
| Service Interconnect 1.4 for RHEL 9 | RedHat | service-interconnect/skupper-site-controller-rhel9:1.4.5-2 | * |
| Glibc | Ubuntu | esm-infra/bionic | * |
| Glibc | Ubuntu | esm-infra/xenial | * |
| Glibc | Ubuntu | focal | * |
| Glibc | Ubuntu | jammy | * |
| Glibc | Ubuntu | mantic | * |
| Glibc | Ubuntu | noble | * |
While assertion is good for catching logic errors and reducing the chances of reaching more serious vulnerability conditions, it can still lead to a denial of service. For example, if a server handles multiple simultaneous connections, and an assert() occurs in one single connection that causes all other connections to be dropped, this is a reachable assertion that leads to a denial of service.