CVE-2015-1781

Published: 21 Apr 2015
Source: redhat
CVSS2: 5.1
EPSS: Low

Description

Buffer overflow in the gethostbyname_r and other unspecified NSS functions in the GNU C Library (aka glibc or libc6) before 2.22 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response, which triggers a call with a misaligned buffer.

A buffer overflow flaw was found in the way glibc's gethostbyname_r() and other related functions computed the size of a buffer when passed a misaligned buffer as input. An attacker able to make an application call any of these functions with a misaligned buffer could use this flaw to crash the application or, potentially, execute arbitrary code with the permissions of the user running the application.

Report

Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.

Affected packages

| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | glibc | Will not fix | | |
| Red Hat Enterprise Linux 6 | glibc | Fixed | RHSA-2015:0863 | 21.04.2015 |
| Red Hat Enterprise Linux 7 | glibc | Fixed | RHSA-2015:2199 | 19.11.2015 |
| Red Hat Enterprise Linux 7.1 Extended Update Support | glibc | Fixed | RHSA-2015:2589 | 09.12.2015 |

Additional information

Status: Moderate
Defect: CWE-131->CWE-119
https://bugzilla.redhat.com/show_bug.cgi?id=1199525 glibc: buffer overflow in gethostbyname_r() and related functions with misaligned buffer

EPSS

Percentile: 89%
0.05081
Low

5.1 Medium

CVSS2

Related vulnerabilities

ubuntu
more than 9 years ago

Buffer overflow in the gethostbyname_r and other unspecified NSS functions in the GNU C Library (aka glibc or libc6) before 2.22 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response, which triggers a call with a misaligned buffer.

nvd
more than 9 years ago

Buffer overflow in the gethostbyname_r and other unspecified NSS functions in the GNU C Library (aka glibc or libc6) before 2.22 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response, which triggers a call with a misaligned buffer.

debian
more than 9 years ago

Buffer overflow in the gethostbyname_r and other unspecified NSS funct ...

github
about 3 years ago

Buffer overflow in the gethostbyname_r and other unspecified NSS functions in the GNU C Library (aka glibc or libc6) before 2.22 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response, which triggers a call with a misaligned buffer.

suse-cvrf
more than 9 years ago

Security update for glibc
