CVE-2015-7547
8.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
8.6 High
AI Score
Confidence
High
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.974 High
EPSS
Percentile
99.9%
Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing “dual A/AAAA DNS queries” and the libnss_dns.so.2 NSS module.
References
fortiguard.com/advisory/glibc-getaddrinfo-stack-overflow
lists.fedoraproject.org/pipermail/package-announce/2016-February/177404.html
lists.fedoraproject.org/pipermail/package-announce/2016-February/177412.html
lists.opensuse.org/opensuse-security-announce/2016-02/msg00036.html
lists.opensuse.org/opensuse-security-announce/2016-02/msg00037.html
lists.opensuse.org/opensuse-security-announce/2016-02/msg00038.html
lists.opensuse.org/opensuse-security-announce/2016-02/msg00039.html
lists.opensuse.org/opensuse-security-announce/2016-02/msg00042.html
lists.opensuse.org/opensuse-security-announce/2016-02/msg00043.html
lists.opensuse.org/opensuse-security-announce/2016-02/msg00044.html
marc.info/?l=bugtraq&m=145596041017029&w=2
marc.info/?l=bugtraq&m=145672440608228&w=2
marc.info/?l=bugtraq&m=145690841819314&w=2
marc.info/?l=bugtraq&m=145857691004892&w=2
marc.info/?l=bugtraq&m=146161017210491&w=2
packetstormsecurity.com/files/135802/glibc-getaddrinfo-Stack-Based-Buffer-Overflow.html
packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html
packetstormsecurity.com/files/164014/Moxa-Command-Injection-Cross-Site-Scripting-Vulnerable-Software.html
packetstormsecurity.com/files/167552/Nexans-FTTO-GigaSwitch-Outdated-Components-Hardcoded-Backdoor.html
rhn.redhat.com/errata/RHSA-2016-0175.html
rhn.redhat.com/errata/RHSA-2016-0176.html
rhn.redhat.com/errata/RHSA-2016-0225.html
rhn.redhat.com/errata/RHSA-2016-0277.html
seclists.org/fulldisclosure/2019/Sep/7
seclists.org/fulldisclosure/2021/Sep/0
seclists.org/fulldisclosure/2022/Jun/36
support.citrix.com/article/CTX206991
ubuntu.com/usn/usn-2900-1
www.debian.org/security/2016/dsa-3480
www.debian.org/security/2016/dsa-3481
www.fortiguard.com/advisory/glibc-getaddrinfo-stack-overflow
www.huawei.com/en/psirt/security-advisories/huawei-sa-20160304-01-glibc-en
www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
www.securityfocus.com/bid/83265
www.securitytracker.com/id/1035020
www.vmware.com/security/advisories/VMSA-2016-0002.html
access.redhat.com/articles/2161461
blogs.sophos.com/2016/02/24/utm-up2date-9-355-released/
blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/
bto.bluecoat.com/security-advisory/sa114
bugzilla.redhat.com/show_bug.cgi?id=1293532
googleonlinesecurity.blogspot.com/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html
h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05028479
h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04989404
h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05008367
h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05053211
h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05073516
h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05098877
h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05125672
h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05128937
h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05130958
h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05140858
h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380
h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05176716
h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05212266
h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05376917
h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722
help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes
ics-cert.us-cert.gov/advisories/ICSA-16-103-01
kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40161
kc.mcafee.com/corporate/index?page=content&id=SB10150
seclists.org/bugtraq/2019/Sep/7
security.gentoo.org/glsa/201602-02
security.netapp.com/advisory/ntap-20160217-0002/
sourceware.org/bugzilla/show_bug.cgi?id=18665
sourceware.org/ml/libc-alpha/2016-02/msg00416.html
support.f5.com/kb/en-us/solutions/public/k/47/sol47098834.html
support.lenovo.com/us/en/product_security/len_5450
www.arista.com/en/support/advisories-notices/security-advisories/1255-security-advisory-17
www.exploit-db.com/exploits/39454/
www.exploit-db.com/exploits/40339/
www.kb.cert.org/vuls/id/457759
www.tenable.com/security/research/tra-2017-08
Social References
More
Related
8.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
8.6 High
AI Score
Confidence
High
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.974 High
EPSS
Percentile
99.9%