Vulnerability DatabaseCVE-2015-7547
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2015-7547
February 18, 2016
Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module.
Related ResourcesĀ (76)
https://sourceware.org/ml/libc-alpha/2016-02/msg00416.html
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04989404
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05053211
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05176716
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05008367
http://rhn.redhat.com/errata/RHSA-2016-0176.html
http://seclists.org/fulldisclosure/2019/Sep/7
http://www.securityfocus.com/bid/83265
http://rhn.redhat.com/errata/RHSA-2016-0225.html
http://www.debian.org/security/2016/dsa-3480
https://www.arista.com/en/support/advisories-notices/security-advisories/1255-security-advisory-17
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05130958
http://www.fortiguard.com/advisory/glibc-getaddrinfo-stack-overflow
https://www.exploit-db.com/exploits/39454/
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
https://kc.mcafee.com/corporate/index?page=content&id=SB10150
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05073516
http://rhn.redhat.com/errata/RHSA-2016-0175.html
http://seclists.org/fulldisclosure/2022/Jun/36
https://www.kb.cert.org/vuls/id/457759
https://support.f5.com/kb/en-us/solutions/public/k/47/sol47098834.html
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00036.html
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00044.html
https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes
https://googleonlinesecurity.blogspot.com/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html
http://ubuntu.com/usn/usn-2900-1
http://marc.info/?l=bugtraq&m=145672440608228&w=2
http://fortiguard.com/advisory/glibc-getaddrinfo-stack-overflow
http://marc.info/?l=bugtraq&m=145596041017029&w=2
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40161
https://blogs.sophos.com/2016/02/24/utm-up2date-9-355-released/
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160304-01-glibc-en
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00038.html
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00042.html
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05128937
http://packetstormsecurity.com/files/164014/Moxa-Command-Injection-Cross-Site-Scripting-Vulnerable-Software.html
https://security.netapp.com/advisory/ntap-20160217-0002/
https://ics-cert.us-cert.gov/advisories/ICSA-16-103-01
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177404.html
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380
http://marc.info/?l=bugtraq&m=145857691004892&w=2
https://access.redhat.com/security/cve/CVE-2015-7547
http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05212266
https://support.lenovo.com/us/en/product_security/len_5450
https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05028479
https://bugzilla.redhat.com/show_bug.cgi?id=1293532
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05376917
https://blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177412.html
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05098877
https://sourceware.org/bugzilla/show_bug.cgi?id=18665
http://marc.info/?l=bugtraq&m=145690841819314&w=2
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05140858
https://access.redhat.com/articles/2161461
https://security.gentoo.org/glsa/201602-02
http://marc.info/?l=bugtraq&m=146161017210491&w=2
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00037.html
http://packetstormsecurity.com/files/135802/glibc-getaddrinfo-Stack-Based-Buffer-Overflow.html
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05125672
http://www.vmware.com/security/advisories/VMSA-2016-0002.html
https://seclists.org/bugtraq/2019/Sep/7
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00039.html
http://www.debian.org/security/2016/dsa-3481
https://www.tenable.com/security/research/tra-2017-08
http://packetstormsecurity.com/files/167552/Nexans-FTTO-GigaSwitch-Outdated-Components-Hardcoded-Backdoor.html
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00043.html
http://seclists.org/fulldisclosure/2021/Sep/0
http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html
http://rhn.redhat.com/errata/RHSA-2016-0277.html
https://www.exploit-db.com/exploits/40339/
http://support.citrix.com/article/CTX206991
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
http://www.securitytracker.com/id/1035020
https://bto.bluecoat.com/security-advisory/sa114
Do you need more information?
Contact Us
CVSS v4
Base Score:
9.2
Attack Vector
NETWORK
Attack Complexity
HIGH
Attack Requirements
NONE
Privileges Required
NONE
User Interaction
NONE
Vulnerable System Confidentiality
HIGH
Vulnerable System Integrity
HIGH
Vulnerable System Availability
HIGH
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
8.1
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH
CVSS v2
Base Score:
6.8
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
Weakness Type (CWE)
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-119
EPSS
Base Score:
93.87