CVE-2015-0235

Published: Jan 28, 2015

Modified: Aug 6, 2024

PUBLISHED

Description

Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 function, aka "GHOST."

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

72325

vdb-entry

x_refsource_BID

HPSBGN03247

vendor-advisory

x_refsource_HP

http://www-01.ibm.com/support/docview.wss?uid=swg21696131

x_refsource_CONFIRM

62883

third-party-advisory

x_refsource_SECUNIA

62691

third-party-advisory

x_refsource_SECUNIA

http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html

x_refsource_CONFIRM

APPLE-SA-2015-10-21-4

vendor-advisory

x_refsource_APPLE

http://packetstormsecurity.com/files/130974/Exim-GHOST-glibc-gethostbyname-Buffer-Overflow.html

x_refsource_MISC

https://support.apple.com/HT205375

x_refsource_CONFIRM

HPSBGN03285

vendor-advisory

x_refsource_HP

20150127 GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235)

mailing-list

x_refsource_BUGTRAQ

http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0

x_refsource_CONFIRM

62698

third-party-advisory

x_refsource_SECUNIA

62640

third-party-advisory

x_refsource_SECUNIA

1032909

vdb-entry

x_refsource_SECTRACK

http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html

x_refsource_CONFIRM

https://bto.bluecoat.com/security-advisory/sa90

x_refsource_CONFIRM

http://www-01.ibm.com/support/docview.wss?uid=swg21696618

x_refsource_CONFIRM

http://www-01.ibm.com/support/docview.wss?uid=swg21696600

x_refsource_CONFIRM

http://www.idirect.net/Partners/~/media/Files/CVE/iDirect-Posted-Common-Vulnerabilities-and-Exposures.pdf

x_refsource_CONFIRM

APPLE-SA-2015-09-30-3

vendor-advisory

x_refsource_APPLE

http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html

x_refsource_CONFIRM

https://www.sophos.com/en-us/support/knowledgebase/121879.aspx

x_refsource_CONFIRM

62688

third-party-advisory

x_refsource_SECUNIA

62865

third-party-advisory

x_refsource_SECUNIA

http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html

x_refsource_CONFIRM

http://www-01.ibm.com/support/docview.wss?uid=swg21696243

x_refsource_CONFIRM

HPSBHF03289

vendor-advisory

x_refsource_HP

APPLE-SA-2015-06-30-2

vendor-advisory

x_refsource_APPLE

https://kc.mcafee.com/corporate/index?page=content&id=SB10100

x_refsource_CONFIRM

http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html

x_refsource_CONFIRM

62812

third-party-advisory

x_refsource_SECUNIA

62879

third-party-advisory

x_refsource_SECUNIA

HPSBGN03270

vendor-advisory

x_refsource_HP

http://linux.oracle.com/errata/ELSA-2015-0090.html

x_refsource_CONFIRM

http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html

x_refsource_CONFIRM

62871

third-party-advisory

x_refsource_SECUNIA

http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

x_refsource_CONFIRM

62690

third-party-advisory

x_refsource_SECUNIA

62692

third-party-advisory

x_refsource_SECUNIA

https://support.apple.com/HT205267

x_refsource_CONFIRM

https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes

x_refsource_CONFIRM

62681

third-party-advisory

x_refsource_SECUNIA

https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10671

x_refsource_CONFIRM

SSRT101937

vendor-advisory

x_refsource_HP

http://www-01.ibm.com/support/docview.wss?uid=swg21696526

x_refsource_CONFIRM

SSRT101953

vendor-advisory

x_refsource_HP

62667

third-party-advisory

x_refsource_SECUNIA

https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04874668

x_refsource_CONFIRM

MDVSA-2015:039

vendor-advisory

x_refsource_MANDRIVA

https://www.f-secure.com/en/web/labs_global/fsc-2015-1

x_refsource_CONFIRM

http://www-01.ibm.com/support/docview.wss?uid=swg21696602

x_refsource_CONFIRM

62517

third-party-advisory

x_refsource_SECUNIA

http://support.apple.com/kb/HT204942

x_refsource_CONFIRM

http://blogs.sophos.com/2015/01/29/sophos-products-and-the-ghost-vulnerability-affecting-linux/

x_refsource_CONFIRM

http://www-01.ibm.com/support/docview.wss?uid=swg21695695

x_refsource_CONFIRM

62680

third-party-advisory

x_refsource_SECUNIA

62813

third-party-advisory

x_refsource_SECUNIA

http://packetstormsecurity.com/files/130768/EMC-Secure-Remote-Services-GHOST-SQL-Injection-Command-Injection.html

x_refsource_MISC

GLSA-201503-04

vendor-advisory

x_refsource_GENTOO

http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html

x_refsource_CONFIRM

20150128 GNU glibc gethostbyname Function Buffer Overflow Vulnerability

vendor-advisory

x_refsource_CISCO

91787

vdb-entry

x_refsource_BID

http://packetstormsecurity.com/files/130171/Exim-ESMTP-GHOST-Denial-Of-Service.html

x_refsource_MISC

RHSA-2015:0126

vendor-advisory

x_refsource_REDHAT

http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html

x_refsource_CONFIRM

20150311 OpenSSL v1.0.2 for Linux affected by CVE-2015-0235

mailing-list

x_refsource_BUGTRAQ

62715

third-party-advisory

x_refsource_SECUNIA

https://www.qualys.com/research/security-advisories/GHOST-CVE-2015-0235.txt

x_refsource_MISC

http://www-01.ibm.com/support/docview.wss?uid=swg21695835

x_refsource_CONFIRM

20150127 Qualys Security Advisory CVE-2015-0235 - GHOST: glibc gethostbyname buffer overflow

mailing-list

x_refsource_BUGTRAQ

HPSBMU03330

vendor-advisory

x_refsource_HP

20150128 Qualys Security Advisory CVE-2015-0235 - GHOST: glibc gethostbyname buffer overflow

mailing-list

x_refsource_FULLDISC

http://www-01.ibm.com/support/docview.wss?uid=swg21695774

x_refsource_CONFIRM

62870

third-party-advisory

x_refsource_SECUNIA

https://security.netapp.com/advisory/ntap-20150127-0001/

x_refsource_CONFIRM

http://linux.oracle.com/errata/ELSA-2015-0092.html

x_refsource_CONFIRM

http://www-01.ibm.com/support/docview.wss?uid=swg21695860

x_refsource_CONFIRM

DSA-3142

vendor-advisory

x_refsource_DEBIAN

https://community.qualys.com/blogs/laws-of-vulnerabilities/2015/01/27/the-ghost-vulnerability

x_refsource_MISC

62816

third-party-advisory

x_refsource_SECUNIA

62758

third-party-advisory

x_refsource_SECUNIA

20190612 SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series

mailing-list

x_refsource_FULLDISC

20190613 SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series

mailing-list

x_refsource_BUGTRAQ

http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html

x_refsource_MISC

https://cert-portal.siemens.com/productcert/pdf/ssa-994726.pdf

x_refsource_CONFIRM

[oss-security] 20210504 21Nails: Multiple vulnerabilities in Exim

mailing-list

x_refsource_MLIST

20210901 SEC Consult SA-20210901-0 :: Multiple vulnerabilities in MOXA devices

mailing-list

x_refsource_FULLDISC

http://packetstormsecurity.com/files/164014/Moxa-Command-Injection-Cross-Site-Scripting-Vulnerable-Software.html

x_refsource_MISC

https://www.arista.com/en/support/advisories-notices/security-advisories/1053-security-advisory-9

x_refsource_MISC

20220617 SEC Consult SA-20220615-0 :: Hardcoded Backdoor User and Outdated Software Components in Nexans FTTO GigaSwitch series

mailing-list

x_refsource_FULLDISC

http://packetstormsecurity.com/files/167552/Nexans-FTTO-GigaSwitch-Outdated-Components-Hardcoded-Backdoor.html

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2015-0235

Description

Affected Products

References