CVE-2024-33601
CWE-617Published: May 6, 2024· Updated: Jun 17, 2026
Official Description
nscd: netgroup cache may terminate daemon on memory allocation failure
The Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc or
xrealloc and these functions may terminate the process due to a memory
allocation failure resulting in a denial of service to the clients. The
flaw was introduced in glibc 2.15 when the cache was added to nscd.
This vulnerability is only present in the nscd binary.
Technical Analysis
CVE-2024-33601 can be exploited remotely over the network without requiring physical or adjacent access, significantly expanding the attack surface for threat actors.
The vulnerability requires no privileges and no user interaction, making it a prime target for automated exploitation campaigns and worm-like propagation.
CVSS v3.1 Vector Breakdown
Affected Vendors & Products
Exploit & PoC Resources
Official Patches & Advisories
All References (9)
Quick Facts
Related CVEs (CWE-617)
Recommended Actions
- →Apply vendor patches immediately
- →Monitor CVE-2024-33601 in threat intel feeds
- →Review IDS/IPS signatures for exploitation attempts