CVE-2015-0235

Beschreibung:
Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 function, aka „GHOST.“

CWE: CWE-787

CVSS-Bewertung
CVSS 2: HIGH – 10 (Version: 2.0)
CVSS 3: MEDIUM – 5.3 (Version: 3.1)

Links:

NVD – CVE-2015-0235
CVE – CVE-2015-0235

Link (max. 20) Quelle Tags
20150127 Qualys Security Advisory CVE-2015-0235 – GHOST: glibc gethostbyname buffer overflow BUGTRAQ Exploit Mailing List Third Party Advisory
20150127 GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) BUGTRAQ Mailing List Third Party Advisory VDB Entry Third Party Advisory
https://community.qualys.com/blogs/laws-of-vulnerabilities/2015/01/27/the-ghost-vulnerability MISC Third Party Advisory Third Party Advisory VDB Entry
62691 SECUNIA Third Party Advisory Third Party Advisory VDB Entry
http://blogs.sophos.com/2015/01/29/sophos-products-and-the-ghost-vulnerability-affecting-linux/ CONFIRM Third Party Advisory Third Party Advisory
http://linux.oracle.com/errata/ELSA-2015-0090.html CONFIRM Third Party Advisory VDB Entry
https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10671 CONFIRM Third Party Advisory Third Party Advisory VDB Entry
http://www-01.ibm.com/support/docview.wss?uid=swg21695835 CONFIRM Third Party Advisory
https://kc.mcafee.com/corporate/index?page=content&id=SB10100 CONFIRM Third Party Advisory VDB Entry
62698 SECUNIA Third Party Advisory Third Party Advisory VDB Entry
http://linux.oracle.com/errata/ELSA-2015-0092.html CONFIRM Third Party Advisory
62692 SECUNIA Third Party Advisory
https://bto.bluecoat.com/security-advisory/sa90 CONFIRM Third Party Advisory Third Party Advisory VDB Entry
62690 SECUNIA Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21695860 CONFIRM Third Party Advisory
62715 SECUNIA Third Party Advisory
20150128 GNU glibc gethostbyname Function Buffer Overflow Vulnerability CISCO Third Party Advisory
62688 SECUNIA Third Party Advisory
62681 SECUNIA Third Party Advisory
62667 SECUNIA Third Party Advisory Vendor Advisory

Quelle: NVD – CVE-2015-0235
Datum Veröffentlichung: 2015-01-28T19:59Z, Datum letzte Änderung: 2021-05-04T18:15Z