Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2015-7547

CWE-119Buffer OverflowCWE-121Stack-based Buffer Overflow22 documents13 sources
Severity
8.1HIGH
EPSS
94.0%
top 0.12%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
30
Oracle Fujitsu M10 FirmwareCanonical Ubuntu LinuxDebian Debian Linux+27 more
Timeline
PublishedFeb 18
Latest updateMay 13

Description

Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.2 | Impact: 5.9

Affected Packages26 packages

Debianglibc< 2.21-8+3
NVDgnu/glibc21 versions+20
NVDhp/helion_openstack1.1.1, 2.0.0, 2.1.0+2

Also affects: Debian Linux 8.0, Ubuntu Linux 12.04, 14.04, 15.10, Enterprise Linux 7.2

Patches

Patch: www.oracle.comPatch: www.oracle.com

🔴Vulnerability Details

4
GHSA
GHSA-5xr7-h7cp-w9pc: Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6)2022-05-13
OSV
CVE-2015-7547: Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6)2016-02-18
CVEList
CVE-2015-7547: Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6)2016-02-18
VulnCheck
debian debian_linux Improper Restriction of Operations within the Bounds of a Memory Buffer2015

💥Exploits & PoCs

2
Exploit-DB
glibc - 'getaddrinfo' Remote Stack Buffer Overflow2016-09-06
Exploit-DB
glibc - 'getaddrinfo' Stack Buffer Overflow (PoC)2016-02-16

🔍Detection Rules

7
Suricata
ET EXPLOIT Possible CVE-2015-7547 Long Response to A lookup2016-02-18
Suricata
ET EXPLOIT Possible CVE-2015-7547 Malformed Server Response A/AAAA2016-02-18
Suricata
ET EXPLOIT Possible 2015-7547 PoC Server Response2016-02-18
Suricata
ET EXPLOIT Possible CVE-2015-7547 A/AAAA Record Lookup Possible Forced FallBack(fb set)2016-02-18
Suricata
ET EXPLOIT Possible CVE-2015-7547 Long Response to AAAA lookup2016-02-18

📋Vendor Advisories

4
Cisco
Vulnerability in GNU glibc Affecting Cisco Products: February 20162016-02-19
Ubuntu
GNU C Library vulnerability2016-02-16
Red Hat
glibc: getaddrinfo stack-based buffer overflow2016-02-16
Debian
CVE-2015-7547: glibc - Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functio...2015

🕵️Threat Intelligence

2
Qualys
New critical glibc vulnerability | Qualys2016-02-22
Qualys
New critical glibc vulnerability | Qualys2016-02-22

💬Community

2
Bugzilla
CVE-2015-7547 glibc: getaddrinfo stack-based buffer overflow [fedora-all]2016-02-16
Bugzilla
CVE-2015-7547 glibc: getaddrinfo stack-based buffer overflow2015-12-22