Buffer overflow in the gethostbyname_r and other unspecified NSS functions in the GNU C Library (aka glibc or libc6) before 2.22 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response, which triggers a call with a misaligned buffer.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
History
13 Feb 2023, 00:46
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Summary | Buffer overflow in the gethostbyname_r and other unspecified NSS functions in the GNU C Library (aka glibc or libc6) before 2.22 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response, which triggers a call with a misaligned buffer. |
02 Feb 2023, 20:20
Type | Values Removed | Values Added |
---|---|---|
Summary | A buffer overflow flaw was found in the way glibc's gethostbyname_r() and other related functions computed the size of a buffer when passed a misaligned buffer as input. An attacker able to make an application call any of these functions with a misaligned buffer could use this flaw to crash the application or, potentially, execute arbitrary code with the permissions of the user running the application. | |
References |
|
|
Information
Published : 2015-09-28 20:59
Updated : 2023-12-10 11:46
NVD link : CVE-2015-1781
Mitre link : CVE-2015-1781
CVE.ORG link : CVE-2015-1781
JSON object : View
Products Affected
canonical
- ubuntu_linux
suse
- linux_enterprise_debuginfo
- linux_enterprise_server
- linux_enterprise_desktop
gnu
- glibc
debian
- debian_linux
CWE
CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer