CVE-2015-1781
published 2015-09-28CVE-2015-1781: Buffer overflow in the gethostbyname_r and other unspecified NSS functions in the GNU C Library (aka glibc or libc6) before 2.22 allows context-dependent…
medium6.8CVSS 3.1
AVNACMAuNCPIPAP
Buffer overflow in the gethostbyname_r and other unspecified NSS functions in the GNU C Library (aka glibc or libc6) before 2.22 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response, which triggers a call with a misaligned buffer.
Affected
15 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | debian_linux | — | — |
| debian | glibc | < glibc 2.19-20 (bookworm) | glibc 2.19-20 (bookworm) |
| eglibc | eglibc | >= 0 < 2.19-0ubuntu6.8 | 2.19-0ubuntu6.8 |
| eglibc | eglibc | >= 0 < 2.19-0ubuntu6.9 | 2.19-0ubuntu6.9 |
| gnu | glibc | <= 2.21 | — |
| gnu | glibc | >= 0 < 2.19-20 | 2.19-20 |
| gnu | glibc | >= 0 < 2.19-20 | 2.19-20 |
| gnu | glibc | >= 0 < 2.19-20 | 2.19-20 |
| gnu | glibc | >= 0 < 2.19-20 | 2.19-20 |
| suse | linux_enterprise_debuginfo | — | — |
| suse | linux_enterprise_desktop | — | — |
| suse | linux_enterprise_server | — | — |
CVSS provenance
nvd6.8MEDIUMAV:N/AC:M/Au:N/C:P/I:P/A:P
osv6.8MEDIUM