vulnerability

Debian: CVE-2024-33602: glibc -- security update

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
7	(AV:L/AC:M/Au:N/C:C/I:C/A:C)	May 6, 2024	May 6, 2024	Mar 30, 2026

Severity

CVSS

(AV:L/AC:M/Au:N/C:C/I:C/A:C)

Published

May 6, 2024

Added

May 6, 2024

Modified

Mar 30, 2026

Description

nscd: netgroup cache assumes NSS callback uses in-buffer strings

The Name Service Cache Daemon's (nscd) netgroup cache can corrupt memory
when the NSS callback does not store all strings in the provided buffer.
The flaw was introduced in glibc 2.15 when the cache was added to nscd.

This vulnerability is only present in the nscd binary.

Solution

debian-upgrade-glibc

References

CVE-2024-33602
https://attackerkb.com/topics/CVE-2024-33602
CWE-466
DEBIAN-DSA-5678-1
EUVD-EUVD-2024-31339
https://euvd.enisa.europa.eu/vulnerability/EUVD-2024-31339

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report