Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
Configuration 5 (hide)
|
Configuration 6 (hide)
|
Configuration 7 (hide)
|
Configuration 8 (hide)
|
Configuration 9 (hide)
|
Configuration 10 (hide)
|
History
12 Feb 2023, 23:15
Type | Values Removed | Values Added |
---|---|---|
Summary | Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module. | |
References |
|
02 Feb 2023, 21:15
Type | Values Removed | Values Added |
---|---|---|
Summary | A stack-based buffer overflow was found in the way the libresolv library performed dual A/AAAA DNS queries. A remote attacker could create a specially crafted DNS response which could cause libresolv to crash or, potentially, execute code with the permissions of the user running the library. Note: this issue is only exposed when libresolv is called from the nss_dns NSS service module. | |
References |
|
20 Jun 2022, 19:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
17 Jun 2022, 19:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
25 Jan 2022, 14:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
01 Sep 2021, 18:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
01 Sep 2021, 13:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
Information
Published : 2016-02-18 21:59
Updated : 2023-12-10 11:46
NVD link : CVE-2015-7547
Mitre link : CVE-2015-7547
CVE.ORG link : CVE-2015-7547
JSON object : View
Products Affected
redhat
- enterprise_linux_hpc_node
- enterprise_linux_server_aus
- enterprise_linux_server
- enterprise_linux_server_eus
- enterprise_linux_desktop
- enterprise_linux_hpc_node_eus
- enterprise_linux_workstation
oracle
- fujitsu_m10_firmware
- exalogic_infrastructure
hp
- helion_openstack
- server_migration_pack
f5
- big-ip_application_security_manager
- big-ip_application_acceleration_manager
- big-ip_local_traffic_manager
- big-ip_domain_name_system
- big-ip_analytics
- big-ip_access_policy_manager
- big-ip_advanced_firewall_manager
- big-ip_policy_enforcement_manager
- big-ip_link_controller
canonical
- ubuntu_linux
opensuse
- opensuse
suse
- linux_enterprise_software_development_kit
- linux_enterprise_debuginfo
- linux_enterprise_desktop
- linux_enterprise_server
- suse_linux_enterprise_server
gnu
- glibc
debian
- debian_linux
sophos
- unified_threat_management_software
CWE
CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer