Buffer Overflow in GNU C Library Affecting Various Linux Distributions
CVE-2015-1781

Currently unrated

Key Information:

Vendor
Suse
Status
Linux Enterprise Server
Linux Enterprise Desktop
Linux Enterprise Debuginfo
Vendor
CVE Published:
28 September 2015

Summary

A vulnerability in the GNU C Library allows context-dependent attackers to exploit a buffer overflow during the processing of DNS responses. This exploitation may lead to unintended denial of service conditions, including application crashes, or may grant the ability to execute arbitrary code on affected systems. The vulnerability arises due to misalignment in the buffer handling when invoking the gethostbyname_r and other NSS functions, particularly with crafted DNS responses. Systems using glibc versions prior to 2.22 are particularly susceptible, impacting various Linux distributions and applications relying on this library.

References

http://lists.opensuse.org/opensuse-security-announce/2015...
vendor-advisoryx_refsource_SUSE
https://www.sourceware.org/ml/libc-alpha/2015-08/msg00609...
mailing-listx_refsource_MLIST
http://lists.opensuse.org/opensuse-security-announce/2016...
vendor-advisoryx_refsource_SUSE

EPSS Score

7% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.