CVE-2014-9984: nscd in the GNU C Library (aka glibc or libc6) before version 2.20 does not correctly compute the size of an internal buffer
21228
20 September 2022
13 September 2022
Closed
Low
Base Score: 9.8 - CRITICAL - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
N/A
CVE-2014-9984
Summary Security Advisory ID : BSA-2022-607 Component : GNU C Library Revision : 1.1
nscd in the GNU C Library (aka glibc or libc6) before version 2.20 does not correctly compute the size of an internal buffer when processing netgroup requests, possibly leading to an nscd daemon crash or code execution as the user running nscd.
Notes:
Brocade Fabric OS does not utilize the vulnerable service. Brocade Fabric OS is Not Affected by this vulnerability. A security update was provided in Brocade Fabric OS version v9.1.0 to remove the vulnerable component.
Products under investigation
- Brocade Active Support Connectivity Gateway (ASC-G)
Products Confirmed Not Vulnerable
No other Brocade Fibre Channel Products from Broadcom products are known to be affected by this vulnerability.
Solution
A security update was provided in Brocade Fabric OS v9.1.0 to remove the vulnerable components.
Revision History
Version | Change | Date |
|---|---|---|
1.0 | Initial Publication | Sept 13, 2022 |
1.1 | content update to correct summary | Sept 20, 2022 |