{
  "document": {
    "aggregate_severity": {
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "TuxCare License Agreement",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Cloud Linux Inc. and provide a link to the original.",
        "title": "Terms of Use"
      },
      {
        "category": "details",
        "text": "CVE-2025-4802: fix untrusted LD_LIBRARY_PATH handling when loading dynamically\n  shared libraries in setuid binaries, preventing attacker-controlled library loading",
        "title": "Details"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://tuxcare.com/contact/",
      "name": "TuxCare",
      "namespace": "https://tuxcare.com/"
    },
    "references": [
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.tuxcare.com/csaf/v2/els_os/centos-stream8els/advisories/2025/clsa-2025_1750692029.json"
      },
      {
        "category": "self",
        "summary": "https://cve.tuxcare.com/els/releases/CLSA-2025:1750692029",
        "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1750692029"
      }
    ],
    "tracking": {
      "current_release_date": "2025-06-24T15:47:31Z",
      "generator": {
        "date": "2025-06-24T15:47:31Z",
        "engine": {
          "name": "pyCSAF"
        }
      },
      "id": "CLSA-2025:1750692029",
      "initial_release_date": "2025-06-23T15:20:32Z",
      "revision_history": [
        {
          "date": "2025-06-23T15:20:32Z",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2025-06-24T15:47:31Z",
          "number": "2",
          "summary": "Official Publication"
        }
      ],
      "status": "final",
      "version": "2"
    },
    "title": "glibc: Fix of CVE-2025-4802"
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Community Enterprise Operating System 8",
                "product": {
                  "name": "Community Enterprise Operating System 8",
                  "product_id": "CentOS-Stream-8",
                  "product_identification_helper": {
                    "cpe": "cpe:2.3:o:centos:centos:8:*:*:*:*:*:*:*"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Community Enterprise Operating System"
          }
        ],
        "category": "vendor",
        "name": "Red Hat, Inc."
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "glibc-langpack-dz-0:2.28-251.el8.2.tuxcare.els2.x86_64",
                "product": {
                  "name": "glibc-langpack-dz-0:2.28-251.el8.2.tuxcare.els2.x86_64",
                  "product_id": "glibc-langpack-dz-0:2.28-251.el8.2.tuxcare.els2.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/tuxcare/glibc-langpack-dz@2.28-251.el8.2.tuxcare.els2?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "glibc-langpack-ml-0:2.28-251.el8.2.tuxcare.els2.x86_64",
                "product": {
                  "name": "glibc-langpack-ml-0:2.28-251.el8.2.tuxcare.els2.x86_64",
                  "product_id": "glibc-langpack-ml-0:2.28-251.el8.2.tuxcare.els2.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/tuxcare/glibc-langpack-ml@2.28-251.el8.2.tuxcare.els2?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "glibc-langpack-hne-0:2.28-251.el8.2.tuxcare.els2.x86_64",
                "product": {
                  "name": "glibc-langpack-hne-0:2.28-251.el8.2.tuxcare.els2.x86_64",
                  "product_id": "glibc-langpack-hne-0:2.28-251.el8.2.tuxcare.els2.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/tuxcare/glibc-langpack-hne@2.28-251.el8.2.tuxcare.els2?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "glibc-langpack-to-0:2.28-251.el8.2.tuxcare.els2.x86_64",
                "product": {
                  "name": "glibc-langpack-to-0:2.28-251.el8.2.tuxcare.els2.x86_64",
                  "product_id": "glibc-langpack-to-0:2.28-251.el8.2.tuxcare.els2.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/tuxcare/glibc-langpack-to@2.28-251.el8.2.tuxcare.els2?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "glibc-langpack-mn-0:2.28-251.el8.2.tuxcare.els2.x86_64",
                "product": {
                  "name": "glibc-langpack-mn-0:2.28-251.el8.2.tuxcare.els2.x86_64",
                  "product_id": "glibc-langpack-mn-0:2.28-251.el8.2.tuxcare.els2.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/tuxcare/glibc-langpack-mn@2.28-251.el8.2.tuxcare.els2?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "glibc-langpack-bs-0:2.28-251.el8.2.tuxcare.els2.x86_64",
                "product": {
                  "name": "glibc-langpack-bs-0:2.28-251.el8.2.tuxcare.els2.x86_64",
                  "product_id": "glibc-langpack-bs-0:2.28-251.el8.2.tuxcare.els2.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/tuxcare/glibc-langpack-bs@2.28-251.el8.2.tuxcare.els2?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "glibc-langpack-kl-0:2.28-251.el8.2.tuxcare.els2.x86_64",
                "product": {
                  "name": "glibc-langpack-kl-0:2.28-251.el8.2.tuxcare.els2.x86_64",
                  "product_id": "glibc-langpack-kl-0:2.28-251.el8.2.tuxcare.els2.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/tuxcare/glibc-langpack-kl@2.28-251.el8.2.tuxcare.els2?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "glibc-langpack-ga-0:2.28-251.el8.2.tuxcare.els2.x86_64",
                "product": {
                  "name": "glibc-langpack-ga-0:2.28-251.el8.2.tuxcare.els2.x86_64",
                  "product_id": "glibc-langpack-ga-0:2.28-251.el8.2.tuxcare.els2.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/tuxcare/glibc-langpack-ga@2.28-251.el8.2.tuxcare.els2?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "glibc-langpack-kok-0:2.28-251.el8.2.tuxcare.els2.x86_64",
                "product": {
                  "name": "glibc-langpack-kok-0:2.28-251.el8.2.tuxcare.els2.x86_64",
                  "product_id": "glibc-langpack-kok-0:2.28-251.el8.2.tuxcare.els2.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/tuxcare/glibc-langpack-kok@2.28-251.el8.2.tuxcare.els2?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "glibc-langpack-te-0:2.28-251.el8.2.tuxcare.els2.x86_64",
                "product": {
                  "name": "glibc-langpack-te-0:2.28-251.el8.2.tuxcare.els2.x86_64",
                  "product_id": "glibc-langpack-te-0:2.28-251.el8.2.tuxcare.els2.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/tuxcare/glibc-langpack-te@2.28-251.el8.2.tuxcare.els2?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          }
        ],
        "category": "vendor",
        "name": "TuxCare"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "glibc-langpack-dz-0:2.28-251.el8.2.tuxcare.els2.x86_64 as a component of Community Enterprise Operating System 8",
          "product_id": "CentOS-Stream-8:glibc-langpack-dz-0:2.28-251.el8.2.tuxcare.els2.x86_64"
        },
        "product_reference": "glibc-langpack-dz-0:2.28-251.el8.2.tuxcare.els2.x86_64",
        "relates_to_product_reference": "CentOS-Stream-8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "glibc-langpack-ml-0:2.28-251.el8.2.tuxcare.els2.x86_64 as a component of Community Enterprise Operating System 8",
          "product_id": "CentOS-Stream-8:glibc-langpack-ml-0:2.28-251.el8.2.tuxcare.els2.x86_64"
        },
        "product_reference": "glibc-langpack-ml-0:2.28-251.el8.2.tuxcare.els2.x86_64",
        "relates_to_product_reference": "CentOS-Stream-8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "glibc-langpack-hne-0:2.28-251.el8.2.tuxcare.els2.x86_64 as a component of Community Enterprise Operating System 8",
          "product_id": "CentOS-Stream-8:glibc-langpack-hne-0:2.28-251.el8.2.tuxcare.els2.x86_64"
        },
        "product_reference": "glibc-langpack-hne-0:2.28-251.el8.2.tuxcare.els2.x86_64",
        "relates_to_product_reference": "CentOS-Stream-8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "glibc-langpack-to-0:2.28-251.el8.2.tuxcare.els2.x86_64 as a component of Community Enterprise Operating System 8",
          "product_id": "CentOS-Stream-8:glibc-langpack-to-0:2.28-251.el8.2.tuxcare.els2.x86_64"
        },
        "product_reference": "glibc-langpack-to-0:2.28-251.el8.2.tuxcare.els2.x86_64",
        "relates_to_product_reference": "CentOS-Stream-8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "glibc-langpack-mn-0:2.28-251.el8.2.tuxcare.els2.x86_64 as a component of Community Enterprise Operating System 8",
          "product_id": "CentOS-Stream-8:glibc-langpack-mn-0:2.28-251.el8.2.tuxcare.els2.x86_64"
        },
        "product_reference": "glibc-langpack-mn-0:2.28-251.el8.2.tuxcare.els2.x86_64",
        "relates_to_product_reference": "CentOS-Stream-8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "glibc-langpack-bs-0:2.28-251.el8.2.tuxcare.els2.x86_64 as a component of Community Enterprise Operating System 8",
          "product_id": "CentOS-Stream-8:glibc-langpack-bs-0:2.28-251.el8.2.tuxcare.els2.x86_64"
        },
        "product_reference": "glibc-langpack-bs-0:2.28-251.el8.2.tuxcare.els2.x86_64",
        "relates_to_product_reference": "CentOS-Stream-8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "glibc-langpack-kl-0:2.28-251.el8.2.tuxcare.els2.x86_64 as a component of Community Enterprise Operating System 8",
          "product_id": "CentOS-Stream-8:glibc-langpack-kl-0:2.28-251.el8.2.tuxcare.els2.x86_64"
        },
        "product_reference": "glibc-langpack-kl-0:2.28-251.el8.2.tuxcare.els2.x86_64",
        "relates_to_product_reference": "CentOS-Stream-8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "glibc-langpack-ga-0:2.28-251.el8.2.tuxcare.els2.x86_64 as a component of Community Enterprise Operating System 8",
          "product_id": "CentOS-Stream-8:glibc-langpack-ga-0:2.28-251.el8.2.tuxcare.els2.x86_64"
        },
        "product_reference": "glibc-langpack-ga-0:2.28-251.el8.2.tuxcare.els2.x86_64",
        "relates_to_product_reference": "CentOS-Stream-8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "glibc-langpack-kok-0:2.28-251.el8.2.tuxcare.els2.x86_64 as a component of Community Enterprise Operating System 8",
          "product_id": "CentOS-Stream-8:glibc-langpack-kok-0:2.28-251.el8.2.tuxcare.els2.x86_64"
        },
        "product_reference": "glibc-langpack-kok-0:2.28-251.el8.2.tuxcare.els2.x86_64",
        "relates_to_product_reference": "CentOS-Stream-8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "glibc-langpack-te-0:2.28-251.el8.2.tuxcare.els2.x86_64 as a component of Community Enterprise Operating System 8",
          "product_id": "CentOS-Stream-8:glibc-langpack-te-0:2.28-251.el8.2.tuxcare.els2.x86_64"
        },
        "product_reference": "glibc-langpack-te-0:2.28-251.el8.2.tuxcare.els2.x86_64",
        "relates_to_product_reference": "CentOS-Stream-8"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-33600",
      "cwe": {
        "id": "CWE-476",
        "name": "NULL Pointer Dereference"
      },
      "notes": [
        {
          "category": "description",
          "text": "nscd: Null pointer crashes after notfound response\nIf the Name Service Cache Daemon's (nscd) cache fails to add a not-found\nnetgroup response to the cache, the client request can result in a null\npointer dereference.  This flaw was introduced in glibc 2.15 when the\ncache was added to nscd.\nThis vulnerability is only present in the nscd binary.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "CentOS-Stream-8:glibc-langpack-dz-0:2.28-251.el8.2.tuxcare.els2.x86_64",
          "CentOS-Stream-8:glibc-langpack-ml-0:2.28-251.el8.2.tuxcare.els2.x86_64",
          "CentOS-Stream-8:glibc-langpack-hne-0:2.28-251.el8.2.tuxcare.els2.x86_64",
          "CentOS-Stream-8:glibc-langpack-to-0:2.28-251.el8.2.tuxcare.els2.x86_64",
          "CentOS-Stream-8:glibc-langpack-mn-0:2.28-251.el8.2.tuxcare.els2.x86_64",
          "CentOS-Stream-8:glibc-langpack-bs-0:2.28-251.el8.2.tuxcare.els2.x86_64",
          "CentOS-Stream-8:glibc-langpack-kl-0:2.28-251.el8.2.tuxcare.els2.x86_64",
          "CentOS-Stream-8:glibc-langpack-ga-0:2.28-251.el8.2.tuxcare.els2.x86_64",
          "CentOS-Stream-8:glibc-langpack-kok-0:2.28-251.el8.2.tuxcare.els2.x86_64",
          "CentOS-Stream-8:glibc-langpack-te-0:2.28-251.el8.2.tuxcare.els2.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2024-33600"
        }
      ],
      "release_date": "2024-04-24T00:00:00",
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "CentOS-Stream-8:glibc-langpack-dz-0:2.28-251.el8.2.tuxcare.els2.x86_64",
            "CentOS-Stream-8:glibc-langpack-ml-0:2.28-251.el8.2.tuxcare.els2.x86_64",
            "CentOS-Stream-8:glibc-langpack-hne-0:2.28-251.el8.2.tuxcare.els2.x86_64",
            "CentOS-Stream-8:glibc-langpack-to-0:2.28-251.el8.2.tuxcare.els2.x86_64",
            "CentOS-Stream-8:glibc-langpack-mn-0:2.28-251.el8.2.tuxcare.els2.x86_64",
            "CentOS-Stream-8:glibc-langpack-bs-0:2.28-251.el8.2.tuxcare.els2.x86_64",
            "CentOS-Stream-8:glibc-langpack-kl-0:2.28-251.el8.2.tuxcare.els2.x86_64",
            "CentOS-Stream-8:glibc-langpack-ga-0:2.28-251.el8.2.tuxcare.els2.x86_64",
            "CentOS-Stream-8:glibc-langpack-kok-0:2.28-251.el8.2.tuxcare.els2.x86_64",
            "CentOS-Stream-8:glibc-langpack-te-0:2.28-251.el8.2.tuxcare.els2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Medium"
        }
      ]
    },
    {
      "cve": "CVE-2024-33601",
      "cwe": {
        "id": "CWE-703",
        "name": "Improper Check or Handling of Exceptional Conditions"
      },
      "notes": [
        {
          "category": "description",
          "text": "nscd: netgroup cache may terminate daemon on memory allocation failure\nThe Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc or\nxrealloc and these functions may terminate the process due to a memory\nallocation failure resulting in a denial of service to the clients.  The\nflaw was introduced in glibc 2.15 when the cache was added to nscd.\nThis vulnerability is only present in the nscd binary.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "CentOS-Stream-8:glibc-langpack-dz-0:2.28-251.el8.2.tuxcare.els2.x86_64",
          "CentOS-Stream-8:glibc-langpack-ml-0:2.28-251.el8.2.tuxcare.els2.x86_64",
          "CentOS-Stream-8:glibc-langpack-hne-0:2.28-251.el8.2.tuxcare.els2.x86_64",
          "CentOS-Stream-8:glibc-langpack-to-0:2.28-251.el8.2.tuxcare.els2.x86_64",
          "CentOS-Stream-8:glibc-langpack-mn-0:2.28-251.el8.2.tuxcare.els2.x86_64",
          "CentOS-Stream-8:glibc-langpack-bs-0:2.28-251.el8.2.tuxcare.els2.x86_64",
          "CentOS-Stream-8:glibc-langpack-kl-0:2.28-251.el8.2.tuxcare.els2.x86_64",
          "CentOS-Stream-8:glibc-langpack-ga-0:2.28-251.el8.2.tuxcare.els2.x86_64",
          "CentOS-Stream-8:glibc-langpack-kok-0:2.28-251.el8.2.tuxcare.els2.x86_64",
          "CentOS-Stream-8:glibc-langpack-te-0:2.28-251.el8.2.tuxcare.els2.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2024-33601"
        }
      ],
      "release_date": "2024-05-06T19:22:07",
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 4.0,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "CentOS-Stream-8:glibc-langpack-dz-0:2.28-251.el8.2.tuxcare.els2.x86_64",
            "CentOS-Stream-8:glibc-langpack-ml-0:2.28-251.el8.2.tuxcare.els2.x86_64",
            "CentOS-Stream-8:glibc-langpack-hne-0:2.28-251.el8.2.tuxcare.els2.x86_64",
            "CentOS-Stream-8:glibc-langpack-to-0:2.28-251.el8.2.tuxcare.els2.x86_64",
            "CentOS-Stream-8:glibc-langpack-mn-0:2.28-251.el8.2.tuxcare.els2.x86_64",
            "CentOS-Stream-8:glibc-langpack-bs-0:2.28-251.el8.2.tuxcare.els2.x86_64",
            "CentOS-Stream-8:glibc-langpack-kl-0:2.28-251.el8.2.tuxcare.els2.x86_64",
            "CentOS-Stream-8:glibc-langpack-ga-0:2.28-251.el8.2.tuxcare.els2.x86_64",
            "CentOS-Stream-8:glibc-langpack-kok-0:2.28-251.el8.2.tuxcare.els2.x86_64",
            "CentOS-Stream-8:glibc-langpack-te-0:2.28-251.el8.2.tuxcare.els2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Medium"
        }
      ]
    },
    {
      "cve": "CVE-2025-4802",
      "cwe": {
        "id": "CWE-426",
        "name": "Untrusted Search Path"
      },
      "notes": [
        {
          "category": "description",
          "text": "Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU C Library versions 2.27 to 2.38 allows attacker-controlled loading of a dynamically shared library in statically compiled setuid binaries that call dlopen (including internal dlopen calls after setlocale or calls to NSS functions such as getaddrinfo).",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "CentOS-Stream-8:glibc-langpack-dz-0:2.28-251.el8.2.tuxcare.els2.x86_64",
          "CentOS-Stream-8:glibc-langpack-ml-0:2.28-251.el8.2.tuxcare.els2.x86_64",
          "CentOS-Stream-8:glibc-langpack-hne-0:2.28-251.el8.2.tuxcare.els2.x86_64",
          "CentOS-Stream-8:glibc-langpack-to-0:2.28-251.el8.2.tuxcare.els2.x86_64",
          "CentOS-Stream-8:glibc-langpack-mn-0:2.28-251.el8.2.tuxcare.els2.x86_64",
          "CentOS-Stream-8:glibc-langpack-bs-0:2.28-251.el8.2.tuxcare.els2.x86_64",
          "CentOS-Stream-8:glibc-langpack-kl-0:2.28-251.el8.2.tuxcare.els2.x86_64",
          "CentOS-Stream-8:glibc-langpack-ga-0:2.28-251.el8.2.tuxcare.els2.x86_64",
          "CentOS-Stream-8:glibc-langpack-kok-0:2.28-251.el8.2.tuxcare.els2.x86_64",
          "CentOS-Stream-8:glibc-langpack-te-0:2.28-251.el8.2.tuxcare.els2.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2025-4802"
        }
      ],
      "release_date": "2025-05-16T00:00:00",
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.0,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CentOS-Stream-8:glibc-langpack-dz-0:2.28-251.el8.2.tuxcare.els2.x86_64",
            "CentOS-Stream-8:glibc-langpack-ml-0:2.28-251.el8.2.tuxcare.els2.x86_64",
            "CentOS-Stream-8:glibc-langpack-hne-0:2.28-251.el8.2.tuxcare.els2.x86_64",
            "CentOS-Stream-8:glibc-langpack-to-0:2.28-251.el8.2.tuxcare.els2.x86_64",
            "CentOS-Stream-8:glibc-langpack-mn-0:2.28-251.el8.2.tuxcare.els2.x86_64",
            "CentOS-Stream-8:glibc-langpack-bs-0:2.28-251.el8.2.tuxcare.els2.x86_64",
            "CentOS-Stream-8:glibc-langpack-kl-0:2.28-251.el8.2.tuxcare.els2.x86_64",
            "CentOS-Stream-8:glibc-langpack-ga-0:2.28-251.el8.2.tuxcare.els2.x86_64",
            "CentOS-Stream-8:glibc-langpack-kok-0:2.28-251.el8.2.tuxcare.els2.x86_64",
            "CentOS-Stream-8:glibc-langpack-te-0:2.28-251.el8.2.tuxcare.els2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "High"
        }
      ]
    },
    {
      "cve": "CVE-2024-33602",
      "cwe": {
        "id": "CWE-703",
        "name": "Improper Check or Handling of Exceptional Conditions"
      },
      "notes": [
        {
          "category": "description",
          "text": "nscd: netgroup cache assumes NSS callback uses in-buffer strings\nThe Name Service Cache Daemon's (nscd) netgroup cache can corrupt memory\nwhen the NSS callback does not store all strings in the provided buffer.\nThe flaw was introduced in glibc 2.15 when the cache was added to nscd.\nThis vulnerability is only present in the nscd binary.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "CentOS-Stream-8:glibc-langpack-dz-0:2.28-251.el8.2.tuxcare.els2.x86_64",
          "CentOS-Stream-8:glibc-langpack-ml-0:2.28-251.el8.2.tuxcare.els2.x86_64",
          "CentOS-Stream-8:glibc-langpack-hne-0:2.28-251.el8.2.tuxcare.els2.x86_64",
          "CentOS-Stream-8:glibc-langpack-to-0:2.28-251.el8.2.tuxcare.els2.x86_64",
          "CentOS-Stream-8:glibc-langpack-mn-0:2.28-251.el8.2.tuxcare.els2.x86_64",
          "CentOS-Stream-8:glibc-langpack-bs-0:2.28-251.el8.2.tuxcare.els2.x86_64",
          "CentOS-Stream-8:glibc-langpack-kl-0:2.28-251.el8.2.tuxcare.els2.x86_64",
          "CentOS-Stream-8:glibc-langpack-ga-0:2.28-251.el8.2.tuxcare.els2.x86_64",
          "CentOS-Stream-8:glibc-langpack-kok-0:2.28-251.el8.2.tuxcare.els2.x86_64",
          "CentOS-Stream-8:glibc-langpack-te-0:2.28-251.el8.2.tuxcare.els2.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2024-33602"
        }
      ],
      "release_date": "2024-04-24T00:00:00",
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 4.0,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "CentOS-Stream-8:glibc-langpack-dz-0:2.28-251.el8.2.tuxcare.els2.x86_64",
            "CentOS-Stream-8:glibc-langpack-ml-0:2.28-251.el8.2.tuxcare.els2.x86_64",
            "CentOS-Stream-8:glibc-langpack-hne-0:2.28-251.el8.2.tuxcare.els2.x86_64",
            "CentOS-Stream-8:glibc-langpack-to-0:2.28-251.el8.2.tuxcare.els2.x86_64",
            "CentOS-Stream-8:glibc-langpack-mn-0:2.28-251.el8.2.tuxcare.els2.x86_64",
            "CentOS-Stream-8:glibc-langpack-bs-0:2.28-251.el8.2.tuxcare.els2.x86_64",
            "CentOS-Stream-8:glibc-langpack-kl-0:2.28-251.el8.2.tuxcare.els2.x86_64",
            "CentOS-Stream-8:glibc-langpack-ga-0:2.28-251.el8.2.tuxcare.els2.x86_64",
            "CentOS-Stream-8:glibc-langpack-kok-0:2.28-251.el8.2.tuxcare.els2.x86_64",
            "CentOS-Stream-8:glibc-langpack-te-0:2.28-251.el8.2.tuxcare.els2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Medium"
        }
      ]
    }
  ]
}