CVE-2015-0235
published 2015-01-28CVE-2015-0235: Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to…
critical10CVSS 3.1
AVNACLAuNCCICAC
EXPLOIT
Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 function, aka "GHOST."
Affected
42 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | mac_os_x | < 10.11.1 | 10.11.1 |
| apple | os_x_el_capitan_10.11.1_security_update_2015-004_yosemite_and_security_update_20 | — | — |
| apple | os_x_el_capitan_v10.11 | — | — |
| apple | os_x_yosemite_v10.10.4_and_security_update_2015-005 | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | glibc | < glibc 2.18-1 (bookworm) | glibc 2.18-1 (bookworm) |
| gnu | glibc | >= 0 < 2.18-1 | 2.18-1 |
| gnu | glibc | >= 0 < 2.18-1 | 2.18-1 |
| gnu | glibc | >= 0 < 2.18-1 | 2.18-1 |
| gnu | glibc | >= 0 < 2.18-1 | 2.18-1 |
| gnu | glibc | >= 2.0 < 2.18 | 2.18 |
| ibm | pureapplication_system | — | — |
| ibm | pureapplication_system | — | — |
| ibm | pureapplication_system | — | — |
| ibm | security_access_manager_for_enterprise_single_sign-on | — | — |
| oracle | communications_application_session_controller | < 3.7.1 | 3.7.1 |
| oracle | communications_eagle_application_processor | — | — |
| oracle | communications_eagle_lnp_application_processor | — | — |
| oracle | communications_lsms | — | — |
| oracle | communications_policy_management | — | — |
| oracle | communications_policy_management | — | — |
| oracle | communications_policy_management | — | — |
| oracle | communications_policy_management | — | — |
| oracle | communications_policy_management | — | — |
CVSS provenance
nvd10.0CRITICALAV:N/AC:L/Au:N/C:C/I:C/A:C
osv10.0CRITICAL