  1. Cost Management
  2. COST-4986

CVE-2024-33600 glibc: null pointer dereferences after failed netgroup cache insertion [services-cost-management-default]

      Security Tracking Issue

      Do not make this issue public.

      Impact: Moderate
      Reported Date: 25-Apr-2024
      Resolve Bug By: 24-Jul-2024

      In case the dates above are already past, please evaluate this bug in your next prioritization review and make a decision then. Remember to explicitly set CLOSED:WONTFIX (in Bugzilla) or Closed:Won't Do (in Jira) if you decide not to fix this bug.

      Please review this tracker and its impact on your product or service as soon as possible. The trackers are filed WITHOUT in-depth analysis as the vulnerability has a Low or Moderate severity impact on this product or service. For more details, please refer to the following Confluence page: https://docs.engineering.redhat.com/x/3e_3EQ

      Please see the Security Errata Policy for further details: https://docs.engineering.redhat.com/x/9kKpDw

      Flaw:


      CVE-2024-33600 glibc: null pointer dereferences after failed netgroup cache insertion
      https://bugzilla.redhat.com/show_bug.cgi?id=2277204

      After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header.

      In addinnetgrX, addgetnetgrentX may have produced a NULL result, indicating a not-found status, but this is not handled in the subsequent code that prepares the record that will be sent out to the client.

      Reference: https://sourceware.org/bugzilla/show_bug.cgi?id=31678

            mskarbek Michael Skarbek
            rh-ee-rgatica Robb Gatica
            Kent Aycoth, Kevan Holdaway