CVE-2014-9984

NameCVE-2014-9984
Descriptionnscd in the GNU C Library (aka glibc or libc6) before version 2.20 does not correctly compute the size of an internal buffer when processing netgroup requests, possibly leading to an nscd daemon crash or code execution as the user running nscd.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)
NVD severityhigh (attack range: remote)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
eglibc (PTS)wheezy2.13-38+deb7u10vulnerable
wheezy (security)2.13-38+deb7u12vulnerable
glibc (PTS)jessie2.19-18+deb8u9fixed
jessie (security)2.19-18+deb8u10fixed
stretch2.24-11fixed
stretch (security)2.24-11+deb9u1fixed
buster, sid2.24-12fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
eglibcsource(unstable)(unfixed)high
glibcsource(unstable)2.19-14high

Notes

Upstream bug: https://sourceware.org/bugzilla/show_bug.cgi?id=16695
Fixed by: https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=c44496df2f090a56d3bf75df930592dac6bba46f

Search for package or bug name: Reporting problems