CVE-2015-5180 — NULL Pointer Dereference in Glibc

CWE-476 — NULL Pointer Dereference11 documents8 sources

Severity

7.5HIGHNVD

EPSS

0.7%

top 27.12%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

GNU Glibc Eglibc Canonical Ubuntu Linux

Timeline

PublishedJun 27

Latest updateMay 14

Description

res_query in libresolv in glibc before 2.25 allows remote attackers to cause a denial of service (NULL pointer dereference and process crash).

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages4 packages

▶Debiangnu/glibc< 2.24-9+3

▶Ubuntugnu/glibc< 2.23-0ubuntu7

▶Ubuntueglibc/eglibc< 2.19-0ubuntu6.11

▶NVDgnu/glibc2.24

Also affects: Ubuntu Linux 12.04, 14.04, 16.04

Patches

Patch: bugzilla.redhat.com ↗Patch: sourceware.org ↗Patch: bugzilla.redhat.com ↗

🔴Vulnerability Details

GHSA

GHSA-g46c-xfm8-qq3g: res_query in libresolv in glibc before 2↗2022-05-14

▶

OSV

CVE-2015-5180: res_query in libresolv in glibc before 2↗2017-06-27

▶

CVEList

CVE-2015-5180: res_query in libresolv in glibc before 2↗2017-06-27

▶

OSV

eglibc, glibc regression↗2017-03-21

▶

📋Vendor Advisories

Ubuntu

GNU C Library Regression↗2017-03-21

▶

Ubuntu

GNU C Library vulnerabilities↗2017-03-21

▶

Red Hat

glibc: DNS resolver NULL pointer dereference with crafted record type↗2015-08-07

▶

Debian

CVE-2015-5180: glibc - res_query in libresolv in glibc before 2.25 allows remote attackers to cause a d...↗2015

▶

💬Community

Bugzilla

CVE-2015-5180 glibc: DNS resolver NULL pointer dereference with crafted record type [fedora-all]↗2015-08-07

▶

Bugzilla

CVE-2015-5180 glibc: DNS resolver NULL pointer dereference with crafted record type↗2015-08-03

▶