CVE-2015-7547

Published: Feb 18, 2016

Modified: Aug 6, 2024

PUBLISHED

Description

Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

1035020

vdb-entry

x_refsource_SECTRACK

HPSBGN03582

vendor-advisory

x_refsource_HP

SUSE-SU-2016:0471

vendor-advisory

x_refsource_SUSE

RHSA-2016:0175

vendor-advisory

x_refsource_REDHAT

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05140858

x_refsource_CONFIRM

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05125672

x_refsource_CONFIRM

https://blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/

x_refsource_CONFIRM

https://sourceware.org/bugzilla/show_bug.cgi?id=18665

x_refsource_CONFIRM

HPSBGN03551

vendor-advisory

x_refsource_HP

RHSA-2016:0225

vendor-advisory

x_refsource_REDHAT

FEDORA-2016-0f9e9a34ce

vendor-advisory

x_refsource_FEDORA

https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40161

x_refsource_CONFIRM

DSA-3481

vendor-advisory

x_refsource_DEBIAN

http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html

x_refsource_CONFIRM

openSUSE-SU-2016:0510

vendor-advisory

x_refsource_SUSE

USN-2900-1

vendor-advisory

x_refsource_UBUNTU

http://www.fortiguard.com/advisory/glibc-getaddrinfo-stack-overflow

x_refsource_CONFIRM

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05376917

x_refsource_CONFIRM

RHSA-2016:0277

vendor-advisory

x_refsource_REDHAT

openSUSE-SU-2016:0511

vendor-advisory

x_refsource_SUSE

https://googleonlinesecurity.blogspot.com/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html

x_refsource_MISC

http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html

x_refsource_CONFIRM

https://security.netapp.com/advisory/ntap-20160217-0002/

x_refsource_CONFIRM

SUSE-SU-2016:0470

vendor-advisory

x_refsource_SUSE

https://blogs.sophos.com/2016/02/24/utm-up2date-9-355-released/

x_refsource_CONFIRM

https://support.lenovo.com/us/en/product_security/len_5450

x_refsource_CONFIRM

https://www.tenable.com/security/research/tra-2017-08

x_refsource_MISC

http://www.vmware.com/security/advisories/VMSA-2016-0002.html

x_refsource_CONFIRM

HPSBGN03549

vendor-advisory

x_refsource_HP

83265

vdb-entry

x_refsource_BID

http://fortiguard.com/advisory/glibc-getaddrinfo-stack-overflow

x_refsource_CONFIRM

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380

x_refsource_CONFIRM

GLSA-201602-02

vendor-advisory

x_refsource_GENTOO

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05128937

x_refsource_CONFIRM

HPSBGN03547

vendor-advisory

x_refsource_HP

SUSE-SU-2016:0472

vendor-advisory

x_refsource_SUSE

40339

exploit

x_refsource_EXPLOIT-DB

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05098877

x_refsource_CONFIRM

https://bto.bluecoat.com/security-advisory/sa114

x_refsource_CONFIRM

[libc-alpha] 20160216 [PATCH] CVE-2015-7547 --- glibc getaddrinfo() stack-based buffer overflow

mailing-list

x_refsource_MLIST

SUSE-SU-2016:0473

vendor-advisory

x_refsource_SUSE

https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes

x_refsource_CONFIRM

http://packetstormsecurity.com/files/135802/glibc-getaddrinfo-Stack-Based-Buffer-Overflow.html

x_refsource_MISC

https://bugzilla.redhat.com/show_bug.cgi?id=1293532

x_refsource_CONFIRM

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05008367

x_refsource_CONFIRM

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722

x_refsource_CONFIRM

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05176716

x_refsource_CONFIRM

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05053211

x_refsource_CONFIRM

http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html

x_refsource_CONFIRM

https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05028479

x_refsource_CONFIRM

https://support.f5.com/kb/en-us/solutions/public/k/47/sol47098834.html

x_refsource_CONFIRM

RHSA-2016:0176

vendor-advisory

x_refsource_REDHAT

FEDORA-2016-0480defc94

vendor-advisory

x_refsource_FEDORA

openSUSE-SU-2016:0512

vendor-advisory

x_refsource_SUSE

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04989404

x_refsource_CONFIRM

DSA-3480

vendor-advisory

x_refsource_DEBIAN

https://ics-cert.us-cert.gov/advisories/ICSA-16-103-01

x_refsource_MISC

39454

exploit

x_refsource_EXPLOIT-DB

http://support.citrix.com/article/CTX206991

x_refsource_CONFIRM

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160304-01-glibc-en

x_refsource_CONFIRM

VU#457759

third-party-advisory

x_refsource_CERT-VN

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05130958

x_refsource_CONFIRM

https://access.redhat.com/articles/2161461

x_refsource_CONFIRM

https://kc.mcafee.com/corporate/index?page=content&id=SB10150

x_refsource_CONFIRM

HPSBGN03442

vendor-advisory

x_refsource_HP

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05212266

x_refsource_CONFIRM

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05073516

x_refsource_CONFIRM

20190904 SEC Consult SA-20190904-0 :: Multiple vulnerabilities in Cisco router series RV34X, RV26X and RV16X

mailing-list

x_refsource_FULLDISC

20190904 SEC Consult SA-20190904-0 :: Multiple vulnerabilities in Cisco router series RV34X, RV26X and RV16X

mailing-list

x_refsource_BUGTRAQ

http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html

x_refsource_MISC

20210901 SEC Consult SA-20210901-0 :: Multiple vulnerabilities in MOXA devices

mailing-list

x_refsource_FULLDISC

http://packetstormsecurity.com/files/164014/Moxa-Command-Injection-Cross-Site-Scripting-Vulnerable-Software.html

x_refsource_MISC

https://www.arista.com/en/support/advisories-notices/security-advisories/1255-security-advisory-17

x_refsource_MISC

20220617 SEC Consult SA-20220615-0 :: Hardcoded Backdoor User and Outdated Software Components in Nexans FTTO GigaSwitch series

mailing-list

x_refsource_FULLDISC

http://packetstormsecurity.com/files/167552/Nexans-FTTO-GigaSwitch-Outdated-Components-Hardcoded-Backdoor.html

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2015-7547

Description

Affected Products

References