CVE-2024-33601 – A memory allocation failure in nscd's netgroup ... (How to Fix)

Q: What is the severity of CVE-2024-33601?

CVE-2024-33601 has a CVSS score of 7.3 (HIGH). A memory allocation failure in nscd's netgroup cache can cause the daemon to terminate, resulting in denial of service for clients relying on name service caching. This affects systems running glibc 2.15 or later with nscd enabled. The vulnerability is limited to the nscd binary itself.

📋 TL;DR

A memory allocation failure in nscd's netgroup cache can cause the daemon to terminate, resulting in denial of service for clients relying on name service caching. This affects systems running glibc 2.15 or later with nscd enabled. The vulnerability is limited to the nscd binary itself.

💻 Affected Systems

Products:

glibc
nscd

Versions: glibc 2.15 and later

Operating Systems: Linux distributions using affected glibc versions

Default Config Vulnerable: ✅ No

Notes: Only vulnerable if nscd is running and configured to cache netgroup lookups. Many systems disable nscd by default.

📦 What is this software?

Debian Linux by Debian

View all CVEs affecting Debian Linux →

Glibc by Gnu

The GNU C Library (glibc) is the core C library for Linux systems, providing essential system calls and basic functions for all C programs. It is a fundamental component that nearly every Linux application depends on.

Learn more about Glibc →

⚠️ Risk & Real-World Impact

🔴

Worst Case

nscd crashes repeatedly under memory pressure, causing sustained denial of service for all name service lookups (DNS, NIS, LDAP) that rely on caching, potentially disrupting authentication and system operations.

🟠

Likely Case

Intermittent nscd crashes during high memory usage scenarios, causing temporary service degradation for cached name lookups until the daemon restarts.

🟢

If Mitigated

If nscd is disabled or memory allocation failures are prevented, impact is minimal as clients fall back to direct name service queries with performance penalty.

🌐 Internet-Facing: LOW - nscd typically serves internal system processes rather than external network requests.

🏢 Internal Only: MEDIUM - Internal systems relying on nscd for performance-critical name lookups could experience service disruption.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: NO

Unauthenticated Exploit: ✅ No

Complexity: HIGH

Exploitation requires triggering memory allocation failures in nscd, which is difficult to control reliably. No known active exploitation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: glibc 2.39 or later, or distribution-specific backports

Vendor Advisory: https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0007

Restart Required: Yes

Instructions:

1. Update glibc to patched version via package manager. 2. Restart nscd service: systemctl restart nscd or service nscd restart. 3. Verify nscd is running and stable.

🔧 Temporary Workarounds

Disable nscd

linux

Stop and disable the nscd service to eliminate the vulnerability

systemctl stop nscd
systemctl disable nscd

Disable netgroup caching

linux

Configure nscd to not cache netgroup lookups

echo "enable-cache netgroup no" >> /etc/nscd.conf
systemctl restart nscd

🧯 If You Can't Patch

Disable nscd service entirely if not critically needed
Implement memory monitoring and alerting to detect allocation failures before they trigger crashes

🔍 How to Verify

Check if Vulnerable:

Check glibc version: ldd --version | head -1. If version >= 2.15 and nscd is running (systemctl status nscd), system may be vulnerable.

Check Version:

ldd --version | head -1

Verify Fix Applied:

Verify glibc version is patched (>= 2.39 or distribution backport) and nscd runs without crashes under load.

📡 Detection & Monitoring

Log Indicators:

nscd crash logs in systemd journal or /var/log/messages
Memory allocation failure messages related to nscd

Network Indicators:

Increased DNS/NIS/LDAP query latency if nscd crashes

SIEM Query:

process.name="nscd" AND (event.action="crashed" OR log.level="emerg" OR log.level="alert")

📊 Metadata

CVE ID: CVE-2024-33601

CVSS v3 Score: 7.3 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CWE: CWE-617

Published: May 6, 2024

Last Updated: August 1, 2025

🔗 References

http://www.openwall.com/lists/oss-security/2024/07/22/5 Mailing List,Third Party Advisory
https://lists.debian.org/debian-lts-announce/2024/06/msg00026.html Mailing List,Third Party Advisory
https://security.netapp.com/advisory/ntap-20240524-0014/ Third Party Advisory
https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0007 Broken Link
http://www.openwall.com/lists/oss-security/2024/07/22/5 Mailing List,Third Party Advisory
https://lists.debian.org/debian-lts-announce/2024/06/msg00026.html Mailing List,Third Party Advisory
https://security.netapp.com/advisory/ntap-20240524-0014/ Third Party Advisory
https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0007 Broken Link

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-33601, you might also want to check these: