8.1

CVE-2015-7547

Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
DebianDebian Linux Version8.0
CanonicalUbuntu Linux Version12.04 SwEditionlts
CanonicalUbuntu Linux Version14.04 SwEditionlts
CanonicalUbuntu Linux Version15.10
HpHelion Openstack Version1.1.1
HpHelion Openstack Version2.0.0
HpHelion Openstack Version2.1.0
HpServer Migration Pack Version7.5
SuseLinux Enterprise Debuginfo Version11.0 Updatesp2
SuseLinux Enterprise Debuginfo Version11.0 Updatesp3
SuseLinux Enterprise Debuginfo Version11.0 Updatesp4
OpensuseOpensuse Version13.2
SuseLinux Enterprise Desktop Version11.0 Updatesp3
SuseLinux Enterprise Desktop Version11.0 Updatesp4
SuseLinux Enterprise Desktop Version12 Updatesp1
SuseLinux Enterprise Server Version11.0 Updatesp2 SwEditionlts
SuseLinux Enterprise Server Version11.0 Updatesp3
SuseLinux Enterprise Server Version11.0 Updatesp3 SwPlatformvmware
SuseLinux Enterprise Server Version11.0 Updatesp4
SuseLinux Enterprise Server Version12 Updatesp1
F5Big-ip Access Policy Manager Version12.0.0
F5Big-ip Analytics Version12.0.0
F5Big-ip Domain Name System Version12.0.0
F5Big-ip Link Controller Version12.0.0
F5Big-ip Local Traffic Manager Version12.0.0
OracleFujitsu M10 Firmware Version <= 2290
GnuGlibc Version2.9
GnuGlibc Version2.10
GnuGlibc Version2.10.1
GnuGlibc Version2.11
GnuGlibc Version2.11.1
GnuGlibc Version2.11.2
GnuGlibc Version2.11.3
GnuGlibc Version2.12
GnuGlibc Version2.12.1
GnuGlibc Version2.12.2
GnuGlibc Version2.13
GnuGlibc Version2.14
GnuGlibc Version2.14.1
GnuGlibc Version2.15
GnuGlibc Version2.16
GnuGlibc Version2.17
GnuGlibc Version2.18
GnuGlibc Version2.19
GnuGlibc Version2.20
GnuGlibc Version2.21
GnuGlibc Version2.22
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 89.56% 0.998
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 8.1 2.2 5.9
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380
http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
Patch
Third Party Advisory
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
http://packetstormsecurity.com/files/164014/Moxa-Command-Injection-Cross-Site-Scripting-Vulnerable-Software.html
http://seclists.org/fulldisclosure/2021/Sep/0
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00036.html
Third Party Advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05376917
https://security.gentoo.org/glsa/201602-02
Third Party Advisory
https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes
http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html
http://seclists.org/fulldisclosure/2019/Sep/7
https://seclists.org/bugtraq/2019/Sep/7
http://packetstormsecurity.com/files/167552/Nexans-FTTO-GigaSwitch-Outdated-Components-Hardcoded-Backdoor.html
http://seclists.org/fulldisclosure/2022/Jun/36
http://www.debian.org/security/2016/dsa-3480
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177404.html
https://blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00037.html
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00038.html
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00039.html
Third Party Advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05130958
Third Party Advisory
http://fortiguard.com/advisory/glibc-getaddrinfo-stack-overflow
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177412.html
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00042.html
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00043.html
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00044.html
Third Party Advisory
http://marc.info/?l=bugtraq&m=145596041017029&w=2
http://marc.info/?l=bugtraq&m=145672440608228&w=2
http://marc.info/?l=bugtraq&m=145690841819314&w=2
http://marc.info/?l=bugtraq&m=145857691004892&w=2
http://marc.info/?l=bugtraq&m=146161017210491&w=2
http://packetstormsecurity.com/files/135802/glibc-getaddrinfo-Stack-Based-Buffer-Overflow.html
http://rhn.redhat.com/errata/RHSA-2016-0175.html
http://rhn.redhat.com/errata/RHSA-2016-0176.html
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-0225.html
http://rhn.redhat.com/errata/RHSA-2016-0277.html
http://support.citrix.com/article/CTX206991
http://ubuntu.com/usn/usn-2900-1
Third Party Advisory
http://www.debian.org/security/2016/dsa-3481
Third Party Advisory
http://www.fortiguard.com/advisory/glibc-getaddrinfo-stack-overflow
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160304-01-glibc-en
http://www.securityfocus.com/bid/83265
http://www.securitytracker.com/id/1035020
http://www.vmware.com/security/advisories/VMSA-2016-0002.html
https://access.redhat.com/articles/2161461
Third Party Advisory
https://blogs.sophos.com/2016/02/24/utm-up2date-9-355-released/
Third Party Advisory
https://bto.bluecoat.com/security-advisory/sa114
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1293532
Third Party Advisory
Issue Tracking
https://googleonlinesecurity.blogspot.com/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html
https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05028479
Third Party Advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04989404
Third Party Advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05008367
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05053211
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05073516
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05098877
Third Party Advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05125672
Third Party Advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05128937
Third Party Advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05140858
Third Party Advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05176716
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05212266
https://ics-cert.us-cert.gov/advisories/ICSA-16-103-01
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40161
Third Party Advisory
https://kc.mcafee.com/corporate/index?page=content&id=SB10150
Third Party Advisory
https://security.netapp.com/advisory/ntap-20160217-0002/
https://sourceware.org/bugzilla/show_bug.cgi?id=18665
Issue Tracking
https://sourceware.org/ml/libc-alpha/2016-02/msg00416.html
Vendor Advisory
Mailing List
https://support.f5.com/kb/en-us/solutions/public/k/47/sol47098834.html
Third Party Advisory
https://support.lenovo.com/us/en/product_security/len_5450
https://www.arista.com/en/support/advisories-notices/security-advisories/1255-security-advisory-17
https://www.exploit-db.com/exploits/39454/
https://www.exploit-db.com/exploits/40339/
https://www.kb.cert.org/vuls/id/457759
https://www.tenable.com/security/research/tra-2017-08