CVE-2015-1781

Currently unrated

Key Information:

Vendor: Suse
Status: Linux Enterprise Server; Linux Enterprise Desktop; Linux Enterprise Debuginfo
Vendor: CVE Published:; 28 September 2015

Summary

Buffer overflow in the gethostbyname_r and other unspecified NSS functions in the GNU C Library (aka glibc or libc6) before 2.22 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response, which triggers a call with a misaligned buffer.

References

http://lists.opensuse.org/opensuse-security-announce/2015...

vendor-advisoryx_refsource_SUSE

https://www.sourceware.org/ml/libc-alpha/2015-08/msg00609...

mailing-listx_refsource_MLIST

http://lists.opensuse.org/opensuse-security-announce/2016...

vendor-advisoryx_refsource_SUSE

EPSS Score

12% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Sep 28, 2015
Vulnerability Reserved
Feb 17, 2015