CVE-2015-0235

Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 function, aka "GHOST."
Severity
UNKNOWN
AV:N/AC:L/Au:N/C:C/I:C/A:C
Atk. Vector
NETWORK
Atk. Complexity
LOW
Base Score
CVSS 3.x
EPSS Score
Percentile: 99%
VendorProductVersion
gnuglibc
2.0 ≤
𝑥
< 2.18
oraclecommunications_application_session_controller
𝑥
< 3.7.1
oraclecommunications_eagle_application_processor
16.0
oraclecommunications_eagle_lnp_application_processor
10.0
oraclecommunications_lsms
13.1
oraclecommunications_policy_management
9.7.3
oraclecommunications_policy_management
9.9.1
oraclecommunications_policy_management
10.4.1
oraclecommunications_policy_management
11.5
oraclecommunications_policy_management
12.1.1
oraclecommunications_session_border_controller
𝑥
< 7.2.0
oraclecommunications_session_border_controller
7.2.0
oraclecommunications_session_border_controller
8.0.0
oraclecommunications_user_data_repository
10.0.0 ≤
𝑥
≤ 10.0.1
oraclecommunications_webrtc_session_controller
7.0
oraclecommunications_webrtc_session_controller
7.1
oraclecommunications_webrtc_session_controller
7.2
oracleexalogic_infrastructure
1.0
oracleexalogic_infrastructure
2.0
oraclevm_virtualbox
𝑥
< 5.1.24
debiandebian_linux
7.0
debiandebian_linux
8.0
redhatvirtualization
6.0
applemac_os_x
𝑥
< 10.11.1
ibmpureapplication_system
1.0.0.0
ibmpureapplication_system
1.1.0.0
ibmpureapplication_system
2.0.0.0
ibmsecurity_access_manager_for_enterprise_single_sign-on
8.2
phpphp
5.4.0 ≤
𝑥
< 5.4.38
phpphp
5.5.0 ≤
𝑥
< 5.5.22
phpphp
5.6.0 ≤
𝑥
< 5.6.6
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
glibc
bullseye
2.31-13+deb11u11
fixed
bullseye (security)
2.31-13+deb11u10
fixed
bookworm
2.36-9+deb12u8
fixed
bookworm (security)
2.36-9+deb12u7
fixed
sid
2.40-3
fixed
trixie
2.40-3
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
eglibc
utopic
dne
trusty
not-affected
precise
Fixed 2.15-0ubuntu10.10
released
lucid
Fixed 2.11.1-0ubuntu7.20
released
glibc
utopic
not-affected
trusty
dne
precise
dne
lucid
dne
References