CVE-2015-1781 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Glibc
Severity
6.8MEDIUMNVD
EPSS
7.3%
top 8.30%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedSep 28
Latest updateMay 14
Description
Buffer overflow in the gethostbyname_r and other unspecified NSS functions in the GNU C Library (aka glibc or libc6) before 2.22 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response, which triggers a call with a misaligned buffer.
CVSS vector
AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4
Affected Packages5 packages
Also affects: Debian Linux 7.0, Ubuntu Linux 12.04, 14.04, 15.04
🔴Vulnerability Details
3GHSA▶
GHSA-w9wj-9x52-h75c: Buffer overflow in the gethostbyname_r and other unspecified NSS functions in the GNU C Library (aka glibc or libc6) before 2↗2022-05-14
OSV▶
CVE-2015-1781: Buffer overflow in the gethostbyname_r and other unspecified NSS functions in the GNU C Library (aka glibc or libc6) before 2↗2015-09-28
CVEList▶
CVE-2015-1781: Buffer overflow in the gethostbyname_r and other unspecified NSS functions in the GNU C Library (aka glibc or libc6) before 2↗2015-09-28