projects / glibc.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: aa36ac8) | patch
local-CVE-2024-33600-nscd
authorGNU Libc Maintainers <debian-glibc@lists.debian.org>
Tue, 30 Apr 2024 21:57:11 +0000 (23:57 +0200)
committerAurelien Jarno <aurel32@debian.org>
Tue, 30 Apr 2024 21:57:11 +0000 (23:57 +0200)
commit0ada9539a315524aad30b45f7323579db0b8f0d5
tree745f9e0efe0cc5c09fb86cf8dbf60a99e21ed944tree | snapshot
parentaa36ac82dbc1d6a0eff03d709cce8036914f9850commit | diff
local-CVE-2024-33600-nscd

commit 69c58d5ef9f584ea198bd00f7964d364d0e6b921
Author: Florian Weimer <fweimer@redhat.com>
Date:   Thu Apr 25 15:00:45 2024 +0200

    CVE-2024-33599: nscd: Stack-based buffer overflow in netgroup cache (bug 31677)

    Using alloca matches what other caches do.  The request length is
    bounded by MAXKEYLEN.

Reviewed-by: Carlos O'Donell <carlos@redhat.com>
    (cherry picked from commit 87801a8fd06db1d654eea3e4f7626ff476a9bdaa)

commit 304ce5fe466c4762b21b36c26926a4657b59b53e
Author: Florian Weimer <fweimer@redhat.com>
Date:   Thu Apr 25 15:01:07 2024 +0200

    CVE-2024-33600: nscd: Do not send missing not-found response in addgetnetgrentX (bug 31678)

    If we failed to add a not-found response to the cache, the dataset
    point can be null, resulting in a null pointer dereference.

Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
    (cherry picked from commit 7835b00dbce53c3c87bbbb1754a95fb5e58187aa)

Gbp-Pq: Topic any
Gbp-Pq: Name local-CVE-2024-33600-nscd.patch
nscd/netgroupcache.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.