jiachao2130/csaf2cusa
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
0b84f3c661
csaf2cusa/cusas/g/glibc/glibc-2.34-149_openEuler-SA-2024-1544.json
Jia Chao 0b84f3c661 增加测试用的配置和目录 
Signed-off-by: Jia Chao <jiac13@chinaunicom.cn>
2024-07-02 15:51:55 +08:00

14 lines
2.5 KiB
JSON
Raw Blame History

{
"id": "openEuler-SA-2024-1544",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1544",
"title": "An update for glibc is now available for openEuler-20.03-LTS-SP4 and openEuler-22.03-LTS",
"severity": "Important",
"description": "The GNU C Library project provides the core libraries for the GNU system and GNU/Linux systems, as well as many other systems that use Linux as the kernel. These libraries provide critical APIs including ISO C11, POSIX.1-2008, BSD, OS-specific APIs and more. These APIs include such foundational facilities as open, read, write, malloc, printf, getaddrinfo, dlopen, pthread_create, crypt, login, exit and more.\r\n\r\nSecurity Fix(es):\r\n\r\nnscd: Stack-based buffer overflow in netgroup cache\r\n\r\nIf the Name Service Cache Daemon's (nscd) fixed size cache is exhausted\nby client requests then a subsequent client request for netgroup data\nmay result in a stack-based buffer overflow. This flaw was introduced\nin glibc 2.15 when the cache was added to nscd.\r\n\r\nThis vulnerability is only present in the nscd binary.\n(CVE-2024-33599)\r\n\r\nnscd: Null pointer crashes after notfound response\r\n\r\nIf the Name Service Cache Daemon's (nscd) cache fails to add a not-found\nnetgroup response to the cache, the client request can result in a null\npointer dereference. This flaw was introduced in glibc 2.15 when the\ncache was added to nscd.\r\n\r\nThis vulnerability is only present in the nscd binary.\r\n\r\n(CVE-2024-33600)\r\n\r\nnscd: netgroup cache may terminate daemon on memory allocation failure\r\n\r\nThe Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc or\nxrealloc and these functions may terminate the process due to a memory\nallocation failure resulting in a denial of service to the clients. The\nflaw was introduced in glibc 2.15 when the cache was added to nscd.\r\n\r\nThis vulnerability is only present in the nscd binary.\r\n\r\n(CVE-2024-33601)\r\n\r\nnscd: netgroup cache assumes NSS callback uses in-buffer strings\r\n\r\nThe Name Service Cache Daemon's (nscd) netgroup cache can corrupt memory\nwhen the NSS callback does not store all strings in the provided buffer.\nThe flaw was introduced in glibc 2.15 when the cache was added to nscd.\r\n\r\nThis vulnerability is only present in the nscd binary.\r\n\r\n(CVE-2024-33602)",
"cves": [
{
"id": "CVE-2024-33602",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-33602",
"severity": "Important"
}
]
}
Reference in New Issue View Git Blame Copy Permalink