CVE-2024-33599: nscd: Stack-based buffer overflow in netgroup cache If the Name Service Cache Daemon's (nscd)...
8.1
Miggo AI
Root Cause Analysis
The vulnerability description and the commit patch clearly point to a stack-based buffer overflow in the addinnetgrX function within nscd/netgroupcache.c. The patch modifies how memory is allocated when a cache allocation fails, specifically replacing a fixed-size stack buffer with alloca. This change directly addresses the overflow condition. The commit message explicitly mentions CVE-2024-33599 and the nature of the bug.
Initially, I tried to fetch content from sourceware.org, but it was protected. I then used Google to search for the CVE and found a link to an Ubuntu security page which contained the commit hash 87801a8fd06db1d654eea3e4f7626ff476a9bdaa. I then used this hash to fetch commit information from a glibc mirror on GitHub (bminor/glibc). The commit details directly implicated the addinnetgrX function and provided the patch diff showing the vulnerable code and its fix. The vulnerability occurs when mempool_alloc fails and the code falls back to a fixed-size stack buffer, dataset_mem, which could be overflowed if req->key_len is too large. The fix involves using alloca instead, with a comment indicating that key_len is checked elsewhere, making alloca safe in this context for the patched version. This highlights the original flaw: a fixed-size buffer on the stack was used when the primary allocation failed.
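The fallback pattern described above, as an added, deliberately simplified C model that is not glibc's code: the unpatched shape (a fixed stack buffer receiving a request-controlled key length with no capacity check) is shown only in a comment, and the executable part validates the length against the destination before copying. FALLBACK_BYTES, dataset_hdr, build_dataset, add_netgroup_entry and the sample keys are constructed stand-ins, not names from nscd.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed, simplified model of the fallback path; not glibc code. The
 * buffer size and header layout are illustrative stand-ins. */
#define FALLBACK_BYTES 64
struct dataset_hdr { uint32_t total_len; uint32_t key_len; };

/* Unpatched shape (for contrast only, never executed here):
 *   char dataset_mem[FALLBACK_BYTES];               fixed-size stack buffer used
 *   dataset = dataset_mem;                          when mempool_alloc() fails
 *   memcpy(dataset_mem + hdr_size, key, req->key_len);  key_len never compared
 *                                                   to the buffer size: overflow */

/* Hardened shape: check the request length against the destination capacity
 * before any byte is written. Returns bytes written, or -1 if it does not fit. */
int build_dataset(char *out, size_t out_cap, const char *key, size_t key_len)
{
    const size_t hdr = sizeof(struct dataset_hdr);
    if (out_cap < hdr || key_len > out_cap - hdr)  /* order keeps subtraction safe */
        return -1;
    struct dataset_hdr h = { (uint32_t)(hdr + key_len), (uint32_t)key_len };
    memcpy(out, &h, hdr);
    memcpy(out + hdr, key, key_len);
    return (int)(hdr + key_len);
}

/* Models addinnetgrX's allocation fallback: pool_mem == NULL stands for a
 * failed mempool_alloc, in which case a stack buffer is used instead. */
int add_netgroup_entry(char *pool_mem, size_t pool_cap, const char *key, size_t key_len)
{
    char dataset_mem[FALLBACK_BYTES];
    char *dst = pool_mem;
    size_t cap = pool_cap;
    if (dst == NULL) {                 /* primary allocation failed */
        dst = dataset_mem;
        cap = sizeof dataset_mem;
    }
    return build_dataset(dst, cap, key, key_len);
}

/* Constructed sample requests so the model can be exercised stand-alone. */
int demo_small_key(void) { return add_netgroup_entry(NULL, 0, "host,user,domain", 16); }
int demo_oversized_key(void)
{
    char key[200];                     /* deliberately larger than FALLBACK_BYTES */
    memset(key, 'A', sizeof key);
    return add_netgroup_entry(NULL, 0, key, sizeof key);
}
```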