CVE-2015-0235

Summary

CVE: CVE-2015-0235
State: PUBLIC
Assigner: [email protected]
Source Priority: CVE Program / NVD first with legacy fallback
Published: 2015-01-28 19:59:00 UTC
Updated: 2022-07-05 18:42:00 UTC
Description: Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 function, aka "GHOST."

Risk And Classification

Problem Types: CWE-787

NVD Known Affected Configurations (CPE 2.3)

Type | Vendor | Product | Version | Update | Edition | Language
Operating System | Apple | Mac OS X | All | All | All | All
Operating System | Debian | Debian Linux | 7.0 | All | All | All
Operating System | Debian | Debian Linux | 8.0 | All | All | All
Application | GNU | Glibc | All | All | All | All
Application | IBM | PureApplication System | 1.0.0.0 | All | All | All
Application | IBM | PureApplication System | 1.1.0.0 | All | All | All
Application | IBM | PureApplication System | 2.0.0.0 | All | All | All
Application | IBM | Security Access Manager For Enterprise Single Sign-on | 8.2 | All | All | All
Application | Oracle | Communications Application Session Controller | All | All | All | All
Application | Oracle | Communications Application Session Controller | 3.7.1 | - | All | All
Application | Oracle | Communications Eagle Application Processor | 16.0 | All | All | All
Application | Oracle | Communications Eagle LNP Application Processor | 10.0 | All | All | All
Application | Oracle | Communications LSMS | 13.1 | All | All | All
Application | Oracle | Communications Policy Management | 10.4.1 | All | All | All
Application | Oracle | Communications Policy Management | 11.5 | All | All | All
Application | Oracle | Communications Policy Management | 12.1.1 | All | All | All
Application | Oracle | Communications Policy Management | 9.7.3 | All | All | All
Application | Oracle | Communications Policy Management | 9.9.1 | All | All | All
Application | Oracle | Communications Session Border Controller | All | All | All | All
Application | Oracle | Communications Session Border Controller | 7.2.0 | - | All | All
Application | Oracle | Communications Session Border Controller | 8.0.0 | All | All | All
Application | Oracle | Communications User Data Repository | All | All | All | All
Application | Oracle | Communications WebRTC Session Controller | 7.0 | All | All | All
Application | Oracle | Communications WebRTC Session Controller | 7.1 | All | All | All
Application | Oracle | Communications WebRTC Session Controller | 7.2 | All | All | All
Application | Oracle | Exalogic Infrastructure | 1.0 | All | All | All
Application | Oracle | Exalogic Infrastructure | 2.0 | All | All | All
Operating System | Oracle | Linux | 5 | - | All | All
Operating System | Oracle | Linux | 7 | 0 | All | All
Application | Oracle | VM VirtualBox | All | All | All | All
Application | PHP | PHP | All | All | All | All
Application | Red Hat | Virtualization | 6.0 | All | All | All

References

Reference | Source | Link | Tags
The glibc (Ghost) vulnerability: affected versions, recommended steps and workarounds | CONFIRM | www.sophos.com | Third Party Advisory
Security Advisory SA62813 - IBM Security Network Protection Multiple Vulnerabilities - Secunia | SECUNIA | secunia.com | Third Party Advisory
GNU glibc gethostbyname Function Buffer Overflow Vulnerability | CISCO | tools.cisco.com | Third Party Advisory
www.qualys.com/research/security-advisories/GHOST-CVE-2015-0235.txt | MISC | www.qualys.com | Third Party Advisory
Full Disclosure: SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series | FULLDISC | seclists.org | Mailing List, Third Party Advisory
About the security content of OS X Yosemite v10.10.4 and Security Update 2015-005 - Apple Support | CONFIRM | support.apple.com | Third Party Advisory
Security Advisory SA62871 - IBM PureApplication System GNU C Library Buffer Overflow Vulnerability - Secunia | SECUNIA | secunia.com | Third Party Advisory
EMC Secure Remote Services GHOST / SQL Injection / Command Injection ≈ Packet Storm | MISC | packetstormsecurity.com | Third Party Advisory, VDB Entry
oss-security - 21Nails: Multiple vulnerabilities in Exim | MLIST | www.openwall.com |
IBM Security Bulletin: GNU C library (glibc) vulnerability affects IBM Security Proventia Network Enterprise Scanner (CVE-2015-0235) - United States | CONFIRM | www-01.ibm.com | Third Party Advisory
Support / Security / Advisories / / MDVSA-2015:039 | Mandriva | MANDRIVA | www.mandriva.com | Third Party Advisory
HPE Support document - HPE Support Center | CONFIRM | h20564.www2.hpe.com | Third Party Advisory
Oracle Critical Patch Update - July 2016 | CONFIRM | www.oracle.com | Third Party Advisory
Security Advisory SA62816 - F-Secure Messaging Security Gateway GNU C Library Buffer Overflow Vulnerability - Secunia | SECUNIA | secunia.com | Third Party Advisory
APPLE-SA-2015-10-21-4 OS X El Capitan 10.11.1 and Security Update 2015-007 | APPLE | lists.apple.com | Mailing List, Third Party Advisory
IBM Security Bulletin: GNU C library (glibc) vulnerability affects IBM Security Virtual Server Protection for VMware (CVE-2015-0235) - United States | CONFIRM | www-01.ibm.com | Third Party Advisory
APPLE-SA-2015-09-30-3 OS X El Capitan 10.11 | APPLE | lists.apple.com | Mailing List, Third Party Advisory
linux.oracle.com | ELSA-2015-0090 - glibc security update | CONFIRM | linux.oracle.com | Third Party Advisory
Oracle July 2016 Critical Patch Update Multiple Vulnerabilities | BID | www.securityfocus.com | Third Party Advisory, VDB Entry
IBM Security Bulletin: GNU C library (glibc) vulnerability affects QRadar SIEM, QRadar Risk Manager, and QRadar Vulnerability Manager (CVE-2015-0235) - United States | CONFIRM | www-01.ibm.com | Third Party Advisory
Bugtraq: SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series | BUGTRAQ | seclists.org | Mailing List, Third Party Advisory
Red Hat Customer Portal | REDHAT | rhn.redhat.com | Third Party Advisory
Vulnerabilities resolved in TRITON APX Version 8.0 | CONFIRM | www.websense.com | Permissions Required
Oracle Critical Patch Update - October 2015 | CONFIRM | www.oracle.com | Third Party Advisory
oss-sec: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) | BUGTRAQ | seclists.org | Mailing List, Third Party Advisory
Security Advisory SA62690 - Juniper Multiple Products GNU C Library Buffer Overflow Vulnerability - Secunia | SECUNIA | secunia.com | Third Party Advisory
Exim GHOST (glibc gethostbyname) Buffer Overflow ≈ Packet Storm | MISC | packetstormsecurity.com | Exploit, Third Party Advisory, VDB Entry
Moxa Command Injection / Cross Site Scripting / Vulnerable Software ≈ Packet Storm | MISC | packetstormsecurity.com |
IBM Security Bulletin: GNU C library (glibc) vulnerability affects IBM Workload Deployer (CVE-2015-0235) - United States | CONFIRM | www-01.ibm.com | Third Party Advisory
Oracle Critical Patch Update - July 2015 | CONFIRM | www.oracle.com | Third Party Advisory
Security Advisory SA62691 - Blue Coat Multiple Products GNU C Library Buffer Overflow Vulnerability - Secunia | SECUNIA | secunia.com | Third Party Advisory
The Laws of Vulnerabilities: The GHOST Vulnerab... | Qualys Community | MISC | community.qualys.com | Third Party Advisory
IBM Security Bulletin: GNU C library (glibc) vulnerability affects IBM Security Access Manager for Web (CVE-2015-0235) - United States | CONFIRM | www-01.ibm.com | Third Party Advisory
Security Advisory SA62688 - Sophos Multiple Products GNU C Library Buffer Overflow Vulnerability - Secunia | SECUNIA | secunia.com | Third Party Advisory
Oracle Critical Patch Update - October 2016 | CONFIRM | www.oracle.com | Third Party Advisory
Security Advisory SA62640 - IBM Security QRadar SIEM Multiple Vulnerabilities - Secunia | SECUNIA | secunia.com | Third Party Advisory
'[security bulletin] HPSBMU03330 rev.1 - HP Matrix Operating Environment (MOE) running glibc on Linux' - MARC | HP | marc.info | Issue Tracking, Mailing List, Third Party Advisory
APPLE-SA-2015-06-30-2 OS X Yosemite v10.10.4 and Security Update 2015-005 | APPLE | lists.apple.com | Mailing List, Third Party Advisory
Exim ESMTP GHOST Denial Of Service ≈ Packet Storm | MISC | packetstormsecurity.com | Exploit, Third Party Advisory, VDB Entry
72325 | BID | www.securityfocus.com | Third Party Advisory, VDB Entry
'[security bulletin] HPSBGN03285 rev.1 - HP Business Service Manager Virtual Appliance, Multiple Vul' - MARC | HP | marc.info | Issue Tracking, Mailing List, Third Party Advisory
404 Not Found | CONFIRM | www.idirect.net | Broken Link
Security Advisory SA62812 - IBM Security Access Manager for Web GNU C Library Buffer Overflow Vulnerability - Secunia | SECUNIA | secunia.com | Third Party Advisory
IBM Security Bulletin: GNU C library (glibc) vulnerability affects IBM Security Access Manager for Mobile (CVE-2015-0235) - United States | CONFIRM | www-01.ibm.com | Third Party Advisory
Security Advisory SA62870 - IBM Workload Deployer GNU C Library Buffer Overflow Vulnerability - Secunia | SECUNIA | secunia.com | Third Party Advisory
Security Advisory SA62517 - McAfee Multiple Products GNU C Library Buffer Overflow Vulnerability - Secunia | SECUNIA | secunia.com | Third Party Advisory
IBM Security Bulletin: GNU C library (glibc) vulnerability affects WebSphere Transformation Extender with Launcher Hypervisor Edition [for RHEL] (CVE-2015-0235) - United States | CONFIRM | www-01.ibm.com | Third Party Advisory
'[security bulletin] HPSBGN03270 rev.1 - HP Operations Analytics, Remote Execution of Code' - MARC | HP | marc.info | Issue Tracking, Mailing List, Third Party Advisory
Nexans FTTO GigaSwitch Outdated Components / Hardcoded Backdoor ≈ Packet Storm | MISC | packetstormsecurity.com |
Security Advisory SA62680 - Ubuntu update for eglibc - Secunia | SECUNIA | secunia.com | Third Party Advisory
Security Advisory SA62758 - IBM Security Access Manager for Mobile GNU C Library Buffer Overflow Vulnerability - Secunia | SECUNIA | secunia.com | Third Party Advisory
fsc-2015-1 | F-Secure Labs | CONFIRM | www.f-secure.com | Third Party Advisory
Home | Blue Coat Systems, Inc. | CONFIRM | bto.bluecoat.com | Third Party Advisory
IBM Security Bulletin: GNU C library (glibc) vulnerability affects IBM Security Network Protection (CVE-2015-0235) - United States | CONFIRM | www-01.ibm.com | Third Party Advisory
IBM Security Bulletin: GNU C library (glibc) vulnerability affects IBM PureApplication System (CVE-2015-0235) - United States | CONFIRM | www-01.ibm.com | Third Party Advisory
StruxureWare Data Center Operation Software Vulnerability Fixes - User Assistance for StruxureWare Data Center Operation 8 - Help Center: Support for EcoStruxure IT, StruxureWare for Data Centers, and NetBotz | CONFIRM | help.ecostruxureit.com | Third Party Advisory
oss-sec: Qualys Security Advisory CVE-2015-0235 - GHOST: glibc gethostbyname buffer overflow | BUGTRAQ | seclists.org | Exploit, Mailing List, Third Party Advisory
McAfee KnowledgeBase - McAfee Security Bulletin - GHOST Vulnerability | CONFIRM | kc.mcafee.com | Third Party Advisory
About the security content of OS X El Capitan 10.11.1, Security Update 2015-004 Yosemite, and Security Update 2015-007 Mavericks - Apple Support | CONFIRM | support.apple.com | Third Party Advisory
Debian -- Security Information -- DSA-3142-1 eglibc | DEBIAN | www.debian.org | Third Party Advisory
Juniper Networks - 2015-01 Out of Cycle Security Bulletin: GHOST glibc gethostbyname() buffer overflow vulnerability (CVE-2015-0235) - Knowledge Base | CONFIRM | kb.juniper.net | Third Party Advisory
Full Disclosure: Qualys Security Advisory CVE-2015-0235 - GHOST: glibc gethostbyname buffer overflow | FULLDISC | seclists.org | Mailing List, Third Party Advisory
Full Disclosure: SEC Consult SA-20210901-0 :: Multiple vulnerabilities in MOXA devices | FULLDISC | seclists.org |
Gentoo Security | GENTOO | security.gentoo.org | Third Party Advisory
Oracle Critical Patch Update - April 2015 | CONFIRM | www.oracle.com | Third Party Advisory
Security Advisory SA62865 - IBM WebSphere Transformation Extender GNU C Library Buffer Overflow Vulnerability - Secunia | SECUNIA | secunia.com | Third Party Advisory
SecurityFocus | BUGTRAQ | www.securityfocus.com | Exploit, Third Party Advisory, VDB Entry
Security Advisory SA62879 - IBM Security Virtual Server Protection for VMware GNU C Library Buffer Overflow Vulnerability - Secunia | SECUNIA | secunia.com | Third Party Advisory
CPU Oct 2018 | CONFIRM | www.oracle.com | Third Party Advisory
Security Advisory SA62692 - Cisco Multiple Products GNU C Library Buffer Overflow Vulnerability - Secunia | SECUNIA | secunia.com | Third Party Advisory
CVE-2015-0235 GNU C Library (glibc) Vulnerability in Multiple NetApp Products | NetApp Product Security | CONFIRM | security.netapp.com | Third Party Advisory
Sophos products and the GHOST vulnerability affecting Linux | Sophos Blog | CONFIRM | blogs.sophos.com | Third Party Advisory
Security Advisory SA62883 - IBM Proventia Network Enterprise Scanner GNU C Library Buffer Overflow Vulnerability - Secunia | SECUNIA | secunia.com | Third Party Advisory
Arista - Security Advisory 0009 | MISC | www.arista.com |
About the security content of OS X El Capitan v10.11 - Apple Support | CONFIRM | support.apple.com | Third Party Advisory
Security Advisory SA62698 - Oracle Linux update for glibc - Secunia | SECUNIA | secunia.com | Third Party Advisory
'[security bulletin] HPSBGN03247 rev.1 - HP IceWall SSO Dfw using glibc, Remote Execution of Abitrary' - MARC | HP | marc.info | Issue Tracking, Mailing List, Third Party Advisory
IBM Security Bulletin: Security Bulletin: GNU C library (glibc) vulnerability is fixed in IBM Security Access Manager for Enterprise Single Sign-On Virtual Appliance (CVE-2015-0235) - United States | CONFIRM | www-01.ibm.com | Third Party Advisory
Security Advisory SA62681 - SUSE update for glibc - Secunia | SECUNIA | secunia.com | Third Party Advisory
Security Advisory SA62715 - IBM Security Access Manager for Enterprise Single Sign-On GNU C Library Buffer Overflow Vulnerability - Secunia | SECUNIA | secunia.com | Third Party Advisory
Oracle Critical Patch Update - July 2017 | CONFIRM | www.oracle.com | Third Party Advisory
'[security bulletin] HPSBHF03289 rev.1- HP ThinClient PCs running ThinPro Linux, Remote Code Executio' - MARC | HP | marc.info | Issue Tracking, Mailing List, Third Party Advisory
Oracle Critical Patch Update - October 2017 | CONFIRM | www.oracle.com | Third Party Advisory
Security Advisory SA62667 - Red Hat update for glibc - Secunia | SECUNIA | secunia.com | Third Party Advisory
linux.oracle.com | ELSA-2015-0092 - glibc security update | CONFIRM | linux.oracle.com | Third Party Advisory
Oracle Communications Applications Flaws Let Remote Users Gain Elevated Privileges and Partially Access Data, Modify Data, and Deny Service - SecurityTracker | SECTRACK | www.securitytracker.com | Third Party Advisory, VDB Entry
cert-portal.siemens.com/productcert/pdf/ssa-994726.pdf | CONFIRM | cert-portal.siemens.com | Third Party Advisory
Oracle Critical Patch Update - January 2016 | CONFIRM | www.oracle.com | Third Party Advisory
Full Disclosure: SEC Consult SA-20220615-0 :: Hardcoded Backdoor User and Outdated Software Components in Nexans FTTO GigaSwitch series | FULLDISC | seclists.org |
WAGO 852 Industrial Managed Switch Series Code Execution / Hardcoded Credentials ≈ Packet Storm | MISC | packetstormsecurity.com | Third Party Advisory, VDB Entry
CVE Program record | CVE.ORG | www.cve.org | canonical
NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis

Legacy QID Mappings

  • 591368 Eaton Power Xpert Gateway models buffer overflow Vulnerability (ETN-SB-2015-1002)