6.8

CVE-2015-1781

Buffer overflow in the gethostbyname_r and other unspecified NSS functions in the GNU C Library (aka glibc or libc6) before 2.22 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response, which triggers a call with a misaligned buffer.

Data is provided by the National Vulnerability Database (NVD)
SuseLinux Enterprise Debuginfo Version11 Updatesp3
SuseLinux Enterprise Debuginfo Version11 Updatesp4
SuseLinux Enterprise Desktop Version11 Updatesp3
SuseLinux Enterprise Desktop Version11 Updatesp4
SuseLinux Enterprise Server Version11 Updatesp3
SuseLinux Enterprise Server Version11 Updatesp3 SwPlatformvmware
SuseLinux Enterprise Server Version11 Updatesp4
GnuGlibc Version <= 2.21
DebianDebian Linux Version7.0
CanonicalUbuntu Linux Version12.04 SwEditionlts
CanonicalUbuntu Linux Version14.04 SwEditionlts
CanonicalUbuntu Linux Version15.04
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 7.79% 0.917
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://www.securityfocus.com/bid/74255
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1032178
Third Party Advisory
VDB Entry
https://sourceware.org/bugzilla/show_bug.cgi?id=18287
Third Party Advisory
Issue Tracking