rhsa-2024_4126
Vulnerability from csaf_redhat
Published
2024-06-26 14:31
Modified
2024-11-21 19:36
Summary
Red Hat Security Advisory: Red Hat Service Interconnect 1.4.5 Release security update
Notes
Topic
This is release 1.4 of the container images for Red Hat Service Interconnect. Red Hat Service Interconnect 1.4 introduces a service network, linking TCP and HTTP services across the hybrid cloud.
A service network enables communication between services running in different network locations or sites. It allows geographically distributed services to connect as if they were all running in the same site.
Red Hat Product Security has rated this update as having a security impact of
Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a
detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.
Details
As a Kubernetes user, I cannot easily connect services from one cluster with services on another cluster. Red Hat Application Interconnect enables me to create a service network and it allows geographically distributed services to connect as if they were all running in the same site.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "This is release 1.4 of the container images for Red Hat Service Interconnect. Red Hat Service Interconnect 1.4 introduces a service network, linking TCP and HTTP services across the hybrid cloud.\nA service network enables communication between services running in different network locations or sites. It allows geographically distributed services to connect as if they were all running in the same site.\n\nRed Hat Product Security has rated this update as having a security impact of\nImportant. A Common Vulnerability Scoring System (CVSS) base score, which gives a\ndetailed severity rating, is available for each vulnerability from the CVE\nlink(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "As a Kubernetes user, I cannot easily connect services from one cluster with services on another cluster. Red Hat Application Interconnect enables me to create a service network and it allows geographically distributed services to connect as if they were all running in the same site.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. 
and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2024:4126", "url": "https://access.redhat.com/errata/RHSA-2024:4126" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "https://docs.redhat.com/en/documentation/red_hat_service_interconnect/1.4", "url": "https://docs.redhat.com/en/documentation/red_hat_service_interconnect/1.4" }, { "category": "external", "summary": "2268019", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268019" }, { "category": "external", "summary": "2268273", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268273" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_4126.json" } ], "title": "Red Hat Security Advisory: Red Hat Service Interconnect 1.4.5 Release security update", "tracking": { "current_release_date": "2024-11-21T19:36:32+00:00", "generator": { "date": "2024-11-21T19:36:32+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2024:4126", "initial_release_date": "2024-06-26T14:31:27+00:00", "revision_history": [ { "date": "2024-06-26T14:31:27+00:00", "number": "1", "summary": "Initial version" }, { "date": "2024-06-26T14:31:27+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-21T19:36:32+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, 
"product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "9Base-Service-Interconnect-1.4", "product": { "name": "9Base-Service-Interconnect-1.4", "product_id": "9Base-Service-Interconnect-1.4", "product_identification_helper": { "cpe": "cpe:/a:redhat:service_interconnect:1.4::el9" } } } ], "category": "product_family", "name": "Red Hat Service Interconnect" }, { "branches": [ { "category": "product_version", "name": "service-interconnect/skupper-config-sync-rhel9@sha256:acec4546e82ec80f9b1c90cf43f653f44fe42a5f9b3b3e353c794cb4085c8156_amd64", "product": { "name": "service-interconnect/skupper-config-sync-rhel9@sha256:acec4546e82ec80f9b1c90cf43f653f44fe42a5f9b3b3e353c794cb4085c8156_amd64", "product_id": "service-interconnect/skupper-config-sync-rhel9@sha256:acec4546e82ec80f9b1c90cf43f653f44fe42a5f9b3b3e353c794cb4085c8156_amd64", "product_identification_helper": { "purl": "pkg:oci/skupper-config-sync-rhel9@sha256:acec4546e82ec80f9b1c90cf43f653f44fe42a5f9b3b3e353c794cb4085c8156?arch=amd64\u0026repository_url=registry.redhat.io/service-interconnect/skupper-config-sync-rhel9\u0026tag=1.4.5-2" } } }, { "category": "product_version", "name": "service-interconnect/skupper-flow-collector-rhel9@sha256:2dfbfbe8c0d129eabda2111a4901b61ac1d7e6e6424c11bf08669aef4479cac6_amd64", "product": { "name": "service-interconnect/skupper-flow-collector-rhel9@sha256:2dfbfbe8c0d129eabda2111a4901b61ac1d7e6e6424c11bf08669aef4479cac6_amd64", "product_id": "service-interconnect/skupper-flow-collector-rhel9@sha256:2dfbfbe8c0d129eabda2111a4901b61ac1d7e6e6424c11bf08669aef4479cac6_amd64", "product_identification_helper": { "purl": "pkg:oci/skupper-flow-collector-rhel9@sha256:2dfbfbe8c0d129eabda2111a4901b61ac1d7e6e6424c11bf08669aef4479cac6?arch=amd64\u0026repository_url=registry.redhat.io/service-interconnect/skupper-flow-collector-rhel9\u0026tag=1.4.5-2" } } }, { "category": "product_version", "name": 
"service-interconnect/skupper-operator-bundle@sha256:fa023abc1d035d287121e6d96a97fab219fe6297c0c3205b4d08ad955520efdd_amd64", "product": { "name": "service-interconnect/skupper-operator-bundle@sha256:fa023abc1d035d287121e6d96a97fab219fe6297c0c3205b4d08ad955520efdd_amd64", "product_id": "service-interconnect/skupper-operator-bundle@sha256:fa023abc1d035d287121e6d96a97fab219fe6297c0c3205b4d08ad955520efdd_amd64", "product_identification_helper": { "purl": "pkg:oci/skupper-operator-bundle@sha256:fa023abc1d035d287121e6d96a97fab219fe6297c0c3205b4d08ad955520efdd?arch=amd64\u0026repository_url=registry.redhat.io/service-interconnect/skupper-operator-bundle\u0026tag=1.4.5-4" } } }, { "category": "product_version", "name": "service-interconnect/skupper-router-rhel9@sha256:20cf7f29b16b5811d3161e58aeb2281c6ac6760ce3eb95e7aa491c43ac545e44_amd64", "product": { "name": "service-interconnect/skupper-router-rhel9@sha256:20cf7f29b16b5811d3161e58aeb2281c6ac6760ce3eb95e7aa491c43ac545e44_amd64", "product_id": "service-interconnect/skupper-router-rhel9@sha256:20cf7f29b16b5811d3161e58aeb2281c6ac6760ce3eb95e7aa491c43ac545e44_amd64", "product_identification_helper": { "purl": "pkg:oci/skupper-router-rhel9@sha256:20cf7f29b16b5811d3161e58aeb2281c6ac6760ce3eb95e7aa491c43ac545e44?arch=amd64\u0026repository_url=registry.redhat.io/service-interconnect/skupper-router-rhel9\u0026tag=2.4.3-4" } } }, { "category": "product_version", "name": "service-interconnect/skupper-service-controller-rhel9@sha256:93ca95396c7f18bd736226d96728415364ad8327510eaff8eb18716a7f1cd5a8_amd64", "product": { "name": "service-interconnect/skupper-service-controller-rhel9@sha256:93ca95396c7f18bd736226d96728415364ad8327510eaff8eb18716a7f1cd5a8_amd64", "product_id": "service-interconnect/skupper-service-controller-rhel9@sha256:93ca95396c7f18bd736226d96728415364ad8327510eaff8eb18716a7f1cd5a8_amd64", "product_identification_helper": { "purl": 
"pkg:oci/skupper-service-controller-rhel9@sha256:93ca95396c7f18bd736226d96728415364ad8327510eaff8eb18716a7f1cd5a8?arch=amd64\u0026repository_url=registry.redhat.io/service-interconnect/skupper-service-controller-rhel9\u0026tag=1.4.5-2" } } }, { "category": "product_version", "name": "service-interconnect/skupper-site-controller-rhel9@sha256:ab50c15ee7f5bcf71160f261447634b0f68f09704ec5f0c15f034b0578f37416_amd64", "product": { "name": "service-interconnect/skupper-site-controller-rhel9@sha256:ab50c15ee7f5bcf71160f261447634b0f68f09704ec5f0c15f034b0578f37416_amd64", "product_id": "service-interconnect/skupper-site-controller-rhel9@sha256:ab50c15ee7f5bcf71160f261447634b0f68f09704ec5f0c15f034b0578f37416_amd64", "product_identification_helper": { "purl": "pkg:oci/skupper-site-controller-rhel9@sha256:ab50c15ee7f5bcf71160f261447634b0f68f09704ec5f0c15f034b0578f37416?arch=amd64\u0026repository_url=registry.redhat.io/service-interconnect/skupper-site-controller-rhel9\u0026tag=1.4.5-2" } } } ], "category": "architecture", "name": "amd64" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "service-interconnect/skupper-config-sync-rhel9@sha256:acec4546e82ec80f9b1c90cf43f653f44fe42a5f9b3b3e353c794cb4085c8156_amd64 as a component of 9Base-Service-Interconnect-1.4", "product_id": "9Base-Service-Interconnect-1.4:service-interconnect/skupper-config-sync-rhel9@sha256:acec4546e82ec80f9b1c90cf43f653f44fe42a5f9b3b3e353c794cb4085c8156_amd64" }, "product_reference": "service-interconnect/skupper-config-sync-rhel9@sha256:acec4546e82ec80f9b1c90cf43f653f44fe42a5f9b3b3e353c794cb4085c8156_amd64", "relates_to_product_reference": "9Base-Service-Interconnect-1.4" }, { "category": "default_component_of", "full_product_name": { "name": "service-interconnect/skupper-flow-collector-rhel9@sha256:2dfbfbe8c0d129eabda2111a4901b61ac1d7e6e6424c11bf08669aef4479cac6_amd64 as a component of 9Base-Service-Interconnect-1.4", 
"product_id": "9Base-Service-Interconnect-1.4:service-interconnect/skupper-flow-collector-rhel9@sha256:2dfbfbe8c0d129eabda2111a4901b61ac1d7e6e6424c11bf08669aef4479cac6_amd64" }, "product_reference": "service-interconnect/skupper-flow-collector-rhel9@sha256:2dfbfbe8c0d129eabda2111a4901b61ac1d7e6e6424c11bf08669aef4479cac6_amd64", "relates_to_product_reference": "9Base-Service-Interconnect-1.4" }, { "category": "default_component_of", "full_product_name": { "name": "service-interconnect/skupper-operator-bundle@sha256:fa023abc1d035d287121e6d96a97fab219fe6297c0c3205b4d08ad955520efdd_amd64 as a component of 9Base-Service-Interconnect-1.4", "product_id": "9Base-Service-Interconnect-1.4:service-interconnect/skupper-operator-bundle@sha256:fa023abc1d035d287121e6d96a97fab219fe6297c0c3205b4d08ad955520efdd_amd64" }, "product_reference": "service-interconnect/skupper-operator-bundle@sha256:fa023abc1d035d287121e6d96a97fab219fe6297c0c3205b4d08ad955520efdd_amd64", "relates_to_product_reference": "9Base-Service-Interconnect-1.4" }, { "category": "default_component_of", "full_product_name": { "name": "service-interconnect/skupper-router-rhel9@sha256:20cf7f29b16b5811d3161e58aeb2281c6ac6760ce3eb95e7aa491c43ac545e44_amd64 as a component of 9Base-Service-Interconnect-1.4", "product_id": "9Base-Service-Interconnect-1.4:service-interconnect/skupper-router-rhel9@sha256:20cf7f29b16b5811d3161e58aeb2281c6ac6760ce3eb95e7aa491c43ac545e44_amd64" }, "product_reference": "service-interconnect/skupper-router-rhel9@sha256:20cf7f29b16b5811d3161e58aeb2281c6ac6760ce3eb95e7aa491c43ac545e44_amd64", "relates_to_product_reference": "9Base-Service-Interconnect-1.4" }, { "category": "default_component_of", "full_product_name": { "name": "service-interconnect/skupper-service-controller-rhel9@sha256:93ca95396c7f18bd736226d96728415364ad8327510eaff8eb18716a7f1cd5a8_amd64 as a component of 9Base-Service-Interconnect-1.4", "product_id": 
"9Base-Service-Interconnect-1.4:service-interconnect/skupper-service-controller-rhel9@sha256:93ca95396c7f18bd736226d96728415364ad8327510eaff8eb18716a7f1cd5a8_amd64" }, "product_reference": "service-interconnect/skupper-service-controller-rhel9@sha256:93ca95396c7f18bd736226d96728415364ad8327510eaff8eb18716a7f1cd5a8_amd64", "relates_to_product_reference": "9Base-Service-Interconnect-1.4" }, { "category": "default_component_of", "full_product_name": { "name": "service-interconnect/skupper-site-controller-rhel9@sha256:ab50c15ee7f5bcf71160f261447634b0f68f09704ec5f0c15f034b0578f37416_amd64 as a component of 9Base-Service-Interconnect-1.4", "product_id": "9Base-Service-Interconnect-1.4:service-interconnect/skupper-site-controller-rhel9@sha256:ab50c15ee7f5bcf71160f261447634b0f68f09704ec5f0c15f034b0578f37416_amd64" }, "product_reference": "service-interconnect/skupper-site-controller-rhel9@sha256:ab50c15ee7f5bcf71160f261447634b0f68f09704ec5f0c15f034b0578f37416_amd64", "relates_to_product_reference": "9Base-Service-Interconnect-1.4" } ] }, "vulnerabilities": [ { "acknowledgments": [ { "names": [ "Charles Fol" ] } ], "cve": "CVE-2024-2961", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "discovery_date": "2024-04-03T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2273404" } ], "notes": [ { "category": "description", "text": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc\u0027s iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. 
This issue may allow an attacker to craft a malicious character sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "title": "Vulnerability description" }, { "category": "summary", "text": "glibc: Out of bounds write in iconv may lead to remote code execution", "title": "Vulnerability summary" }, { "category": "other", "text": "The described vulnerability in the iconv() function of GNU C Library, particularly affecting ISO-2022-CN-EXT character set conversions, poses an important severity issue due to its potential for out-of-bounds writes. Such buffer overflows can lead to arbitrary memory corruption, which can be exploited by attackers to execute arbitrary code, crash applications, or overwrite critical data structures, including neighboring variables. Given that the overflow can occur with specific, predictable values through SS2designation and SS3designation escape sequences, an attacker could craft malicious input to specifically trigger these overflows. 
Exploitation of this vulnerability could result in denial of service, privilege escalation, or even remote code execution, posing a significant threat to the security and integrity of affected systems.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-Service-Interconnect-1.4:service-interconnect/skupper-config-sync-rhel9@sha256:acec4546e82ec80f9b1c90cf43f653f44fe42a5f9b3b3e353c794cb4085c8156_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-flow-collector-rhel9@sha256:2dfbfbe8c0d129eabda2111a4901b61ac1d7e6e6424c11bf08669aef4479cac6_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-operator-bundle@sha256:fa023abc1d035d287121e6d96a97fab219fe6297c0c3205b4d08ad955520efdd_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-router-rhel9@sha256:20cf7f29b16b5811d3161e58aeb2281c6ac6760ce3eb95e7aa491c43ac545e44_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-service-controller-rhel9@sha256:93ca95396c7f18bd736226d96728415364ad8327510eaff8eb18716a7f1cd5a8_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-site-controller-rhel9@sha256:ab50c15ee7f5bcf71160f261447634b0f68f09704ec5f0c15f034b0578f37416_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-2961" }, { "category": "external", "summary": "RHBZ#2273404", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2273404" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-2961", "url": "https://www.cve.org/CVERecord?id=CVE-2024-2961" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-2961", "url": 
"https://nvd.nist.gov/vuln/detail/CVE-2024-2961" }, { "category": "external", "summary": "https://www.openwall.com/lists/oss-security/2024/04/17/9", "url": "https://www.openwall.com/lists/oss-security/2024/04/17/9" } ], "release_date": "2024-04-17T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-06-26T14:31:27+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-Service-Interconnect-1.4:service-interconnect/skupper-config-sync-rhel9@sha256:acec4546e82ec80f9b1c90cf43f653f44fe42a5f9b3b3e353c794cb4085c8156_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-flow-collector-rhel9@sha256:2dfbfbe8c0d129eabda2111a4901b61ac1d7e6e6424c11bf08669aef4479cac6_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-operator-bundle@sha256:fa023abc1d035d287121e6d96a97fab219fe6297c0c3205b4d08ad955520efdd_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-router-rhel9@sha256:20cf7f29b16b5811d3161e58aeb2281c6ac6760ce3eb95e7aa491c43ac545e44_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-service-controller-rhel9@sha256:93ca95396c7f18bd736226d96728415364ad8327510eaff8eb18716a7f1cd5a8_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-site-controller-rhel9@sha256:ab50c15ee7f5bcf71160f261447634b0f68f09704ec5f0c15f034b0578f37416_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:4126" }, { "category": "workaround", "details": "This issue can be mitigated by removing the ISO-2022-CN-EXT from glibc-gconv-extra\u0027s modules configuration. 
This can be done by:\n\n1) Verify if the module is loaded by running:\n~~~\n$ iconv -l | grep -E \u0027CN-?EXT\u0027\nISO-2022-CN-EXT//\nISO2022CNEXT//\n~~~\n\nIf the grep output looks like the above, the ISO-2022-CN-EXT module is enabled.\n\n2) Disable the module by editing the file located at /usr/lib64/gconv/gconv-modules.d/gconv-modules-extra.conf and commenting out the following lines. For RHEL 7 the file that needs to be edited is /usr/lib64/gconv/gconv-modules. This step must be executed by a privileged user:\n~~~\n# from to module cost\nalias ISO2022CNEXT// ISO-2022-CN-EXT//\nmodule ISO-2022-CN-EXT// INTERNAL ISO-2022-CN-EXT 1\nmodule INTERNAL ISO-2022-CN-EXT// ISO-2022-CN-EXT 1\n~~~\n\nTo comment out those lines, add the \u0027#\u0027 character at the beginning of each of them:\n~~~\n# from to module cost\n#alias ISO2022CNEXT// ISO-2022-CN-EXT//\n#module ISO-2022-CN-EXT// INTERNAL ISO-2022-CN-EXT 1\n#module INTERNAL ISO-2022-CN-EXT// ISO-2022-CN-EXT 1\n~~~\n\n3) Update the iconv cache by running:\n~~~\nsudo iconvconfig\n~~~\n\n4) Check if the module was disabled by running the first step again. 
This time ISO-2022-CN-EXT should not appear in the output.\n\nPlease notice that disabling the mentioned gconv module may lead applications relying in the affected module to fail in converting characters and should be used as a temporary mitigation before being able to fully update the affected package.", "product_ids": [ "9Base-Service-Interconnect-1.4:service-interconnect/skupper-config-sync-rhel9@sha256:acec4546e82ec80f9b1c90cf43f653f44fe42a5f9b3b3e353c794cb4085c8156_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-flow-collector-rhel9@sha256:2dfbfbe8c0d129eabda2111a4901b61ac1d7e6e6424c11bf08669aef4479cac6_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-operator-bundle@sha256:fa023abc1d035d287121e6d96a97fab219fe6297c0c3205b4d08ad955520efdd_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-router-rhel9@sha256:20cf7f29b16b5811d3161e58aeb2281c6ac6760ce3eb95e7aa491c43ac545e44_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-service-controller-rhel9@sha256:93ca95396c7f18bd736226d96728415364ad8327510eaff8eb18716a7f1cd5a8_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-site-controller-rhel9@sha256:ab50c15ee7f5bcf71160f261447634b0f68f09704ec5f0c15f034b0578f37416_amd64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "9Base-Service-Interconnect-1.4:service-interconnect/skupper-config-sync-rhel9@sha256:acec4546e82ec80f9b1c90cf43f653f44fe42a5f9b3b3e353c794cb4085c8156_amd64", 
"9Base-Service-Interconnect-1.4:service-interconnect/skupper-flow-collector-rhel9@sha256:2dfbfbe8c0d129eabda2111a4901b61ac1d7e6e6424c11bf08669aef4479cac6_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-operator-bundle@sha256:fa023abc1d035d287121e6d96a97fab219fe6297c0c3205b4d08ad955520efdd_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-router-rhel9@sha256:20cf7f29b16b5811d3161e58aeb2281c6ac6760ce3eb95e7aa491c43ac545e44_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-service-controller-rhel9@sha256:93ca95396c7f18bd736226d96728415364ad8327510eaff8eb18716a7f1cd5a8_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-site-controller-rhel9@sha256:ab50c15ee7f5bcf71160f261447634b0f68f09704ec5f0c15f034b0578f37416_amd64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "glibc: Out of bounds write in iconv may lead to remote code execution" }, { "cve": "CVE-2024-33599", "cwe": { "id": "CWE-119", "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer" }, "discovery_date": "2024-04-25T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2277202" } ], "notes": [ { "category": "description", "text": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "glibc: stack-based buffer overflow in netgroup cache", "title": "Vulnerability summary" }, { "category": "other", "text": "This stack-based buffer overflow vulnerability in nscd presents a important severity issue due to its potential to be exploited by malicious actors to execute arbitrary code or cause denial-of-service (DoS) conditions. 
By carefully crafting input data, an attacker could manipulate the program\u0027s control flow, leading to unintended behavior such as executing arbitrary commands, escalating privileges, or crashing the application. Since the overflow occurs in a critical system component responsible for caching name service data, exploitation could have far-reaching consequences, including unauthorized access to sensitive information or disruption of essential services.\n\n\nThis issue affects the nscd RPM package and not the glibc RPM package itself. Affected components are tracked by their RPM source package, in this case, the nscd binary package is built from the glibc source package, hence the affected component is glibc.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-Service-Interconnect-1.4:service-interconnect/skupper-config-sync-rhel9@sha256:acec4546e82ec80f9b1c90cf43f653f44fe42a5f9b3b3e353c794cb4085c8156_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-flow-collector-rhel9@sha256:2dfbfbe8c0d129eabda2111a4901b61ac1d7e6e6424c11bf08669aef4479cac6_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-operator-bundle@sha256:fa023abc1d035d287121e6d96a97fab219fe6297c0c3205b4d08ad955520efdd_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-router-rhel9@sha256:20cf7f29b16b5811d3161e58aeb2281c6ac6760ce3eb95e7aa491c43ac545e44_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-service-controller-rhel9@sha256:93ca95396c7f18bd736226d96728415364ad8327510eaff8eb18716a7f1cd5a8_amd64", 
"9Base-Service-Interconnect-1.4:service-interconnect/skupper-site-controller-rhel9@sha256:ab50c15ee7f5bcf71160f261447634b0f68f09704ec5f0c15f034b0578f37416_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-33599" }, { "category": "external", "summary": "RHBZ#2277202", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2277202" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-33599", "url": "https://www.cve.org/CVERecord?id=CVE-2024-33599" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-33599", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-33599" } ], "release_date": "2024-04-23T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-06-26T14:31:27+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-Service-Interconnect-1.4:service-interconnect/skupper-config-sync-rhel9@sha256:acec4546e82ec80f9b1c90cf43f653f44fe42a5f9b3b3e353c794cb4085c8156_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-flow-collector-rhel9@sha256:2dfbfbe8c0d129eabda2111a4901b61ac1d7e6e6424c11bf08669aef4479cac6_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-operator-bundle@sha256:fa023abc1d035d287121e6d96a97fab219fe6297c0c3205b4d08ad955520efdd_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-router-rhel9@sha256:20cf7f29b16b5811d3161e58aeb2281c6ac6760ce3eb95e7aa491c43ac545e44_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-service-controller-rhel9@sha256:93ca95396c7f18bd736226d96728415364ad8327510eaff8eb18716a7f1cd5a8_amd64", 
"9Base-Service-Interconnect-1.4:service-interconnect/skupper-site-controller-rhel9@sha256:ab50c15ee7f5bcf71160f261447634b0f68f09704ec5f0c15f034b0578f37416_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:4126" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "9Base-Service-Interconnect-1.4:service-interconnect/skupper-config-sync-rhel9@sha256:acec4546e82ec80f9b1c90cf43f653f44fe42a5f9b3b3e353c794cb4085c8156_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-flow-collector-rhel9@sha256:2dfbfbe8c0d129eabda2111a4901b61ac1d7e6e6424c11bf08669aef4479cac6_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-operator-bundle@sha256:fa023abc1d035d287121e6d96a97fab219fe6297c0c3205b4d08ad955520efdd_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-router-rhel9@sha256:20cf7f29b16b5811d3161e58aeb2281c6ac6760ce3eb95e7aa491c43ac545e44_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-service-controller-rhel9@sha256:93ca95396c7f18bd736226d96728415364ad8327510eaff8eb18716a7f1cd5a8_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-site-controller-rhel9@sha256:ab50c15ee7f5bcf71160f261447634b0f68f09704ec5f0c15f034b0578f37416_amd64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", "version": "3.1" }, "products": [ 
"9Base-Service-Interconnect-1.4:service-interconnect/skupper-config-sync-rhel9@sha256:acec4546e82ec80f9b1c90cf43f653f44fe42a5f9b3b3e353c794cb4085c8156_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-flow-collector-rhel9@sha256:2dfbfbe8c0d129eabda2111a4901b61ac1d7e6e6424c11bf08669aef4479cac6_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-operator-bundle@sha256:fa023abc1d035d287121e6d96a97fab219fe6297c0c3205b4d08ad955520efdd_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-router-rhel9@sha256:20cf7f29b16b5811d3161e58aeb2281c6ac6760ce3eb95e7aa491c43ac545e44_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-service-controller-rhel9@sha256:93ca95396c7f18bd736226d96728415364ad8327510eaff8eb18716a7f1cd5a8_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-site-controller-rhel9@sha256:ab50c15ee7f5bcf71160f261447634b0f68f09704ec5f0c15f034b0578f37416_amd64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "glibc: stack-based buffer overflow in netgroup cache" }, { "cve": "CVE-2024-33600", "cwe": { "id": "CWE-476", "name": "NULL Pointer Dereference" }, "discovery_date": "2024-04-25T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2277204" } ], "notes": [ { "category": "description", "text": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. This can lead to a null pointer dereference that causes a crash or exit.", "title": "Vulnerability description" }, { "category": "summary", "text": "glibc: null pointer dereferences after failed netgroup cache insertion", "title": "Vulnerability summary" }, { "category": "other", "text": "The flaw identified in the glibc netgroup cache constitutes a moderate severity issue due to its potential to trigger null pointer dereferences, leading to program crashes or exits. 
While null pointer dereferences can cause disruptions to system operations and possibly result in denial-of-service conditions, their impact is limited primarily to the affected process or application instance. However, the risk of exploitation may vary depending on the context of system usage. Systems that heavily rely on netgroup functionality may be more susceptible to exploitation, particularly if malicious actors can manipulate network traffic to trigger the vulnerability.\n\n\nThis issue affects the nscd RPM package and not the glibc RPM package itself. Affected components are tracked by their RPM source package, in this case, the nscd binary package is built from the glibc source package, hence the affected component is glibc.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-Service-Interconnect-1.4:service-interconnect/skupper-config-sync-rhel9@sha256:acec4546e82ec80f9b1c90cf43f653f44fe42a5f9b3b3e353c794cb4085c8156_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-flow-collector-rhel9@sha256:2dfbfbe8c0d129eabda2111a4901b61ac1d7e6e6424c11bf08669aef4479cac6_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-operator-bundle@sha256:fa023abc1d035d287121e6d96a97fab219fe6297c0c3205b4d08ad955520efdd_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-router-rhel9@sha256:20cf7f29b16b5811d3161e58aeb2281c6ac6760ce3eb95e7aa491c43ac545e44_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-service-controller-rhel9@sha256:93ca95396c7f18bd736226d96728415364ad8327510eaff8eb18716a7f1cd5a8_amd64", 
"9Base-Service-Interconnect-1.4:service-interconnect/skupper-site-controller-rhel9@sha256:ab50c15ee7f5bcf71160f261447634b0f68f09704ec5f0c15f034b0578f37416_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-33600" }, { "category": "external", "summary": "RHBZ#2277204", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2277204" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-33600", "url": "https://www.cve.org/CVERecord?id=CVE-2024-33600" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-33600", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-33600" } ], "release_date": "2024-04-24T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-06-26T14:31:27+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-Service-Interconnect-1.4:service-interconnect/skupper-config-sync-rhel9@sha256:acec4546e82ec80f9b1c90cf43f653f44fe42a5f9b3b3e353c794cb4085c8156_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-flow-collector-rhel9@sha256:2dfbfbe8c0d129eabda2111a4901b61ac1d7e6e6424c11bf08669aef4479cac6_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-operator-bundle@sha256:fa023abc1d035d287121e6d96a97fab219fe6297c0c3205b4d08ad955520efdd_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-router-rhel9@sha256:20cf7f29b16b5811d3161e58aeb2281c6ac6760ce3eb95e7aa491c43ac545e44_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-service-controller-rhel9@sha256:93ca95396c7f18bd736226d96728415364ad8327510eaff8eb18716a7f1cd5a8_amd64", 
"9Base-Service-Interconnect-1.4:service-interconnect/skupper-site-controller-rhel9@sha256:ab50c15ee7f5bcf71160f261447634b0f68f09704ec5f0c15f034b0578f37416_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:4126" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "9Base-Service-Interconnect-1.4:service-interconnect/skupper-config-sync-rhel9@sha256:acec4546e82ec80f9b1c90cf43f653f44fe42a5f9b3b3e353c794cb4085c8156_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-flow-collector-rhel9@sha256:2dfbfbe8c0d129eabda2111a4901b61ac1d7e6e6424c11bf08669aef4479cac6_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-operator-bundle@sha256:fa023abc1d035d287121e6d96a97fab219fe6297c0c3205b4d08ad955520efdd_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-router-rhel9@sha256:20cf7f29b16b5811d3161e58aeb2281c6ac6760ce3eb95e7aa491c43ac545e44_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-service-controller-rhel9@sha256:93ca95396c7f18bd736226d96728415364ad8327510eaff8eb18716a7f1cd5a8_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-site-controller-rhel9@sha256:ab50c15ee7f5bcf71160f261447634b0f68f09704ec5f0c15f034b0578f37416_amd64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ 
"9Base-Service-Interconnect-1.4:service-interconnect/skupper-config-sync-rhel9@sha256:acec4546e82ec80f9b1c90cf43f653f44fe42a5f9b3b3e353c794cb4085c8156_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-flow-collector-rhel9@sha256:2dfbfbe8c0d129eabda2111a4901b61ac1d7e6e6424c11bf08669aef4479cac6_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-operator-bundle@sha256:fa023abc1d035d287121e6d96a97fab219fe6297c0c3205b4d08ad955520efdd_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-router-rhel9@sha256:20cf7f29b16b5811d3161e58aeb2281c6ac6760ce3eb95e7aa491c43ac545e44_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-service-controller-rhel9@sha256:93ca95396c7f18bd736226d96728415364ad8327510eaff8eb18716a7f1cd5a8_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-site-controller-rhel9@sha256:ab50c15ee7f5bcf71160f261447634b0f68f09704ec5f0c15f034b0578f37416_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "glibc: null pointer dereferences after failed netgroup cache insertion" }, { "cve": "CVE-2024-33601", "cwe": { "id": "CWE-703", "name": "Improper Check or Handling of Exceptional Conditions" }, "discovery_date": "2024-04-25T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2277205" } ], "notes": [ { "category": "description", "text": "A flaw was found in the glibc netgroup cache. The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "title": "Vulnerability description" }, { "category": "summary", "text": "glibc: netgroup cache may terminate daemon on memory allocation failure", "title": "Vulnerability summary" }, { "category": "other", "text": "The flaw in the glibc netgroup cache, while concerning, is categorized as a low severity issue due to several factors. 
Firstly, the exploitation of this vulnerability requires specific conditions, such as a memory allocation failure within the netgroup cache, which may not occur frequently in typical usage scenarios. Additionally, the impact of such failures is limited to the termination of the affected process, rather than facilitating unauthorized access or data manipulation. Furthermore, the likelihood of successful exploitation and the potential for widespread harm are comparatively low, given the specific nature of the vulnerability and its constrained impact.\n\n\nThis issue affects the nscd RPM package and not the glibc RPM package itself. Affected components are tracked by their RPM source package, in this case, the nscd binary package is built from the glibc source package, hence the affected component is glibc.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-Service-Interconnect-1.4:service-interconnect/skupper-config-sync-rhel9@sha256:acec4546e82ec80f9b1c90cf43f653f44fe42a5f9b3b3e353c794cb4085c8156_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-flow-collector-rhel9@sha256:2dfbfbe8c0d129eabda2111a4901b61ac1d7e6e6424c11bf08669aef4479cac6_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-operator-bundle@sha256:fa023abc1d035d287121e6d96a97fab219fe6297c0c3205b4d08ad955520efdd_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-router-rhel9@sha256:20cf7f29b16b5811d3161e58aeb2281c6ac6760ce3eb95e7aa491c43ac545e44_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-service-controller-rhel9@sha256:93ca95396c7f18bd736226d96728415364ad8327510eaff8eb18716a7f1cd5a8_amd64", 
"9Base-Service-Interconnect-1.4:service-interconnect/skupper-site-controller-rhel9@sha256:ab50c15ee7f5bcf71160f261447634b0f68f09704ec5f0c15f034b0578f37416_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-33601" }, { "category": "external", "summary": "RHBZ#2277205", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2277205" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-33601", "url": "https://www.cve.org/CVERecord?id=CVE-2024-33601" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-33601", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-33601" } ], "release_date": "2024-04-24T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-06-26T14:31:27+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-Service-Interconnect-1.4:service-interconnect/skupper-config-sync-rhel9@sha256:acec4546e82ec80f9b1c90cf43f653f44fe42a5f9b3b3e353c794cb4085c8156_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-flow-collector-rhel9@sha256:2dfbfbe8c0d129eabda2111a4901b61ac1d7e6e6424c11bf08669aef4479cac6_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-operator-bundle@sha256:fa023abc1d035d287121e6d96a97fab219fe6297c0c3205b4d08ad955520efdd_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-router-rhel9@sha256:20cf7f29b16b5811d3161e58aeb2281c6ac6760ce3eb95e7aa491c43ac545e44_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-service-controller-rhel9@sha256:93ca95396c7f18bd736226d96728415364ad8327510eaff8eb18716a7f1cd5a8_amd64", 
"9Base-Service-Interconnect-1.4:service-interconnect/skupper-site-controller-rhel9@sha256:ab50c15ee7f5bcf71160f261447634b0f68f09704ec5f0c15f034b0578f37416_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:4126" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "9Base-Service-Interconnect-1.4:service-interconnect/skupper-config-sync-rhel9@sha256:acec4546e82ec80f9b1c90cf43f653f44fe42a5f9b3b3e353c794cb4085c8156_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-flow-collector-rhel9@sha256:2dfbfbe8c0d129eabda2111a4901b61ac1d7e6e6424c11bf08669aef4479cac6_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-operator-bundle@sha256:fa023abc1d035d287121e6d96a97fab219fe6297c0c3205b4d08ad955520efdd_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-router-rhel9@sha256:20cf7f29b16b5811d3161e58aeb2281c6ac6760ce3eb95e7aa491c43ac545e44_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-service-controller-rhel9@sha256:93ca95396c7f18bd736226d96728415364ad8327510eaff8eb18716a7f1cd5a8_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-site-controller-rhel9@sha256:ab50c15ee7f5bcf71160f261447634b0f68f09704ec5f0c15f034b0578f37416_amd64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 4.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ 
"9Base-Service-Interconnect-1.4:service-interconnect/skupper-config-sync-rhel9@sha256:acec4546e82ec80f9b1c90cf43f653f44fe42a5f9b3b3e353c794cb4085c8156_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-flow-collector-rhel9@sha256:2dfbfbe8c0d129eabda2111a4901b61ac1d7e6e6424c11bf08669aef4479cac6_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-operator-bundle@sha256:fa023abc1d035d287121e6d96a97fab219fe6297c0c3205b4d08ad955520efdd_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-router-rhel9@sha256:20cf7f29b16b5811d3161e58aeb2281c6ac6760ce3eb95e7aa491c43ac545e44_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-service-controller-rhel9@sha256:93ca95396c7f18bd736226d96728415364ad8327510eaff8eb18716a7f1cd5a8_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-site-controller-rhel9@sha256:ab50c15ee7f5bcf71160f261447634b0f68f09704ec5f0c15f034b0578f37416_amd64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "glibc: netgroup cache may terminate daemon on memory allocation failure" }, { "cve": "CVE-2024-33602", "cwe": { "id": "CWE-703", "name": "Improper Check or Handling of Exceptional Conditions" }, "discovery_date": "2024-04-25T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2277206" } ], "notes": [ { "category": "description", "text": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. 
This can potentially lead to memory corruption and cause a crash.", "title": "Vulnerability description" }, { "category": "summary", "text": "glibc: netgroup cache assumes NSS callback uses in-buffer strings", "title": "Vulnerability summary" }, { "category": "other", "text": "The identified flaw in the glibc netgroup cache, while significant in its potential to cause memory corruption and crashes, may be categorized as a low severity issue due to several factors. Firstly, the exploitation of this vulnerability requires specific conditions to be met, such as the presence of netgroup-related functionality and the ability to manipulate memory within the target system. Secondly, the impact of the vulnerability is limited to the context of the affected application or system component, rather than posing a system-wide or network-wide threat.\n\n\nThis issue affects the nscd RPM package and not the glibc RPM package itself. Affected components are tracked by their RPM source package, in this case, the nscd binary package is built from the glibc source package, hence the affected component is glibc.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-Service-Interconnect-1.4:service-interconnect/skupper-config-sync-rhel9@sha256:acec4546e82ec80f9b1c90cf43f653f44fe42a5f9b3b3e353c794cb4085c8156_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-flow-collector-rhel9@sha256:2dfbfbe8c0d129eabda2111a4901b61ac1d7e6e6424c11bf08669aef4479cac6_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-operator-bundle@sha256:fa023abc1d035d287121e6d96a97fab219fe6297c0c3205b4d08ad955520efdd_amd64", 
"9Base-Service-Interconnect-1.4:service-interconnect/skupper-router-rhel9@sha256:20cf7f29b16b5811d3161e58aeb2281c6ac6760ce3eb95e7aa491c43ac545e44_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-service-controller-rhel9@sha256:93ca95396c7f18bd736226d96728415364ad8327510eaff8eb18716a7f1cd5a8_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-site-controller-rhel9@sha256:ab50c15ee7f5bcf71160f261447634b0f68f09704ec5f0c15f034b0578f37416_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-33602" }, { "category": "external", "summary": "RHBZ#2277206", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2277206" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-33602", "url": "https://www.cve.org/CVERecord?id=CVE-2024-33602" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-33602", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-33602" } ], "release_date": "2024-04-24T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-06-26T14:31:27+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-Service-Interconnect-1.4:service-interconnect/skupper-config-sync-rhel9@sha256:acec4546e82ec80f9b1c90cf43f653f44fe42a5f9b3b3e353c794cb4085c8156_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-flow-collector-rhel9@sha256:2dfbfbe8c0d129eabda2111a4901b61ac1d7e6e6424c11bf08669aef4479cac6_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-operator-bundle@sha256:fa023abc1d035d287121e6d96a97fab219fe6297c0c3205b4d08ad955520efdd_amd64", 
"9Base-Service-Interconnect-1.4:service-interconnect/skupper-router-rhel9@sha256:20cf7f29b16b5811d3161e58aeb2281c6ac6760ce3eb95e7aa491c43ac545e44_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-service-controller-rhel9@sha256:93ca95396c7f18bd736226d96728415364ad8327510eaff8eb18716a7f1cd5a8_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-site-controller-rhel9@sha256:ab50c15ee7f5bcf71160f261447634b0f68f09704ec5f0c15f034b0578f37416_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:4126" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "9Base-Service-Interconnect-1.4:service-interconnect/skupper-config-sync-rhel9@sha256:acec4546e82ec80f9b1c90cf43f653f44fe42a5f9b3b3e353c794cb4085c8156_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-flow-collector-rhel9@sha256:2dfbfbe8c0d129eabda2111a4901b61ac1d7e6e6424c11bf08669aef4479cac6_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-operator-bundle@sha256:fa023abc1d035d287121e6d96a97fab219fe6297c0c3205b4d08ad955520efdd_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-router-rhel9@sha256:20cf7f29b16b5811d3161e58aeb2281c6ac6760ce3eb95e7aa491c43ac545e44_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-service-controller-rhel9@sha256:93ca95396c7f18bd736226d96728415364ad8327510eaff8eb18716a7f1cd5a8_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-site-controller-rhel9@sha256:ab50c15ee7f5bcf71160f261447634b0f68f09704ec5f0c15f034b0578f37416_amd64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 4.0, "baseSeverity": 
"MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "9Base-Service-Interconnect-1.4:service-interconnect/skupper-config-sync-rhel9@sha256:acec4546e82ec80f9b1c90cf43f653f44fe42a5f9b3b3e353c794cb4085c8156_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-flow-collector-rhel9@sha256:2dfbfbe8c0d129eabda2111a4901b61ac1d7e6e6424c11bf08669aef4479cac6_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-operator-bundle@sha256:fa023abc1d035d287121e6d96a97fab219fe6297c0c3205b4d08ad955520efdd_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-router-rhel9@sha256:20cf7f29b16b5811d3161e58aeb2281c6ac6760ce3eb95e7aa491c43ac545e44_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-service-controller-rhel9@sha256:93ca95396c7f18bd736226d96728415364ad8327510eaff8eb18716a7f1cd5a8_amd64", "9Base-Service-Interconnect-1.4:service-interconnect/skupper-site-controller-rhel9@sha256:ab50c15ee7f5bcf71160f261447634b0f68f09704ec5f0c15f034b0578f37416_amd64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "glibc: netgroup cache assumes NSS callback uses in-buffer strings" } ] }
Sightings
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.