CVE-2015-0235

Summary

CVE: CVE-2015-0235
State: PUBLISHED
Assigner: redhat
Source Priority: CVE Program / NVD first with legacy fallback
Published: 2015-01-28 19:59:00 UTC
Updated: 2026-05-06 22:30:45 UTC
Description: Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 function, aka "GHOST."

Risk And Classification

Primary CVSS: v2.0 10 from [email protected]

AV:N/AC:L/Au:N/C:C/I:C/A:C

Problem Types: CWE-787 | n/a

CVSS v2.0 Breakdown

Access Vector: Network
Access Complexity: Low
Authentication: None
Confidentiality: Complete
Integrity: Complete
Availability: Complete

NVD Known Affected Configurations (CPE 2.3)

Type | Vendor | Product | Version | Update | Edition | Language
Operating System | Apple | Mac Os X | All | All | All | All
Operating System | Debian | Debian Linux | 7.0 | All | All | All
Operating System | Debian | Debian Linux | 8.0 | All | All | All
Application | Gnu | Glibc | All | All | All | All
Application | Ibm | Pureapplication System | 1.0.0.0 | All | All | All
Application | Ibm | Pureapplication System | 1.1.0.0 | All | All | All
Application | Ibm | Pureapplication System | 2.0.0.0 | All | All | All
Application | Ibm | Security Access Manager For Enterprise Single Sign-on | 8.2 | All | All | All
Application | Oracle | Communications Application Session Controller | All | All | All | All
Application | Oracle | Communications Eagle Application Processor | 16.0 | All | All | All
Application | Oracle | Communications Eagle Lnp Application Processor | 10.0 | All | All | All
Application | Oracle | Communications Lsms | 13.1 | All | All | All
Application | Oracle | Communications Policy Management | 10.4.1 | All | All | All
Application | Oracle | Communications Policy Management | 11.5 | All | All | All
Application | Oracle | Communications Policy Management | 12.1.1 | All | All | All
Application | Oracle | Communications Policy Management | 9.7.3 | All | All | All
Application | Oracle | Communications Policy Management | 9.9.1 | All | All | All
Application | Oracle | Communications Session Border Controller | All | All | All | All
Application | Oracle | Communications Session Border Controller | 7.2.0 | - | All | All
Application | Oracle | Communications Session Border Controller | 8.0.0 | All | All | All
Application | Oracle | Communications User Data Repository | All | All | All | All
Application | Oracle | Communications Webrtc Session Controller | 7.0 | All | All | All
Application | Oracle | Communications Webrtc Session Controller | 7.1 | All | All | All
Application | Oracle | Communications Webrtc Session Controller | 7.2 | All | All | All
Application | Oracle | Exalogic Infrastructure | 1.0 | All | All | All
Application | Oracle | Exalogic Infrastructure | 2.0 | All | All | All
Operating System | Oracle | Linux | 5 | - | All | All
Operating System | Oracle | Linux | 7 | 0 | All | All
Application | Oracle | Vm Virtualbox | All | All | All | All
Application | Php | Php | All | All | All | All
Application | Redhat | Virtualization | 6.0 | All | All | All

Vendor Declared Affected Products

Source | Vendor | Product | Version | Platforms
CNA | Na | N/a | affected n/a | Not specified

References

Reference | Source | Link | Tags
Security Advisory SA62681 - SUSE update for glibc - Secunia | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Not Applicable
Security Advisory SA62715 - IBM Security Access Manager for Enterprise Single Sign-On GNU C Library Buffer Overflow Vulnerability - Secunia | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Not Applicable
IBM Security Bulletin: GNU C library (glibc) vulnerability affects IBM Security Access Manager for Web (CVE-2015-0235) - United States | af854a3a-2127-422b-91ae-364da2661108 | www-01.ibm.com | Third Party Advisory
CPU Oct 2018 | af854a3a-2127-422b-91ae-364da2661108 | www.oracle.com | Patch, Third Party Advisory
GNU glibc gethostbyname Function Buffer Overflow Vulnerability | af854a3a-2127-422b-91ae-364da2661108 | tools.cisco.com | Third Party Advisory
www.securityfocus.com/bid/72325 | af854a3a-2127-422b-91ae-364da2661108 | www.securityfocus.com | Third Party Advisory, VDB Entry
StruxureWare Data Center Operation Software Vulnerability Fixes - User Assistance for StruxureWare Data Center Operation 8 - Help Center: Support for EcoStruxure IT, StruxureWare for Data Centers, and NetBotz | af854a3a-2127-422b-91ae-364da2661108 | help.ecostruxureit.com | Third Party Advisory
'[security bulletin] HPSBMU03330 rev.1 - HP Matrix Operating Environment (MOE) running glibc on Linux' - MARC | af854a3a-2127-422b-91ae-364da2661108 | marc.info | Issue Tracking, Mailing List, Third Party Advisory
IBM Security Bulletin: GNU C library (glibc) vulnerability affects IBM PureApplication System (CVE-2015-0235) - United States | af854a3a-2127-422b-91ae-364da2661108 | www-01.ibm.com | Third Party Advisory
SecurityFocus | af854a3a-2127-422b-91ae-364da2661108 | www.securityfocus.com | Exploit, Third Party Advisory, VDB Entry
'[security bulletin] HPSBHF03289 rev.1- HP ThinClient PCs running ThinPro Linux, Remote Code Executio' - MARC | af854a3a-2127-422b-91ae-364da2661108 | marc.info | Issue Tracking, Mailing List, Third Party Advisory
Full Disclosure: SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series | af854a3a-2127-422b-91ae-364da2661108 | seclists.org | Exploit, Mailing List, Third Party Advisory
Full Disclosure: Qualys Security Advisory CVE-2015-0235 - GHOST: glibc gethostbyname buffer overflow | af854a3a-2127-422b-91ae-364da2661108 | seclists.org | Mailing List, Third Party Advisory
EMC Secure Remote Services GHOST / SQL Injection / Command Injection ≈ Packet Storm | af854a3a-2127-422b-91ae-364da2661108 | packetstormsecurity.com | Third Party Advisory, VDB Entry
Security Advisory SA62698 - Oracle Linux update for glibc - Secunia | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Not Applicable
oss-security - 21Nails: Multiple vulnerabilities in Exim | af854a3a-2127-422b-91ae-364da2661108 | www.openwall.com | Exploit, Mailing List
Security Advisory SA62870 - IBM Workload Deployer GNU C Library Buffer Overflow Vulnerability - Secunia | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Not Applicable
The glibc (Ghost) vulnerability: affected versions, recommended steps and workarounds | af854a3a-2127-422b-91ae-364da2661108 | www.sophos.com | Third Party Advisory
About the security content of OS X El Capitan 10.11.1, Security Update 2015-004 Yosemite, and Security Update 2015-007 Mavericks - Apple Support | af854a3a-2127-422b-91ae-364da2661108 | support.apple.com | Third Party Advisory
The Laws of Vulnerabilities: The GHOST Vulnerab... | Qualys Community | af854a3a-2127-422b-91ae-364da2661108 | community.qualys.com | Third Party Advisory
Juniper Networks - 2015-01 Out of Cycle Security Bulletin: GHOST glibc gethostbyname() buffer overflow vulnerability (CVE-2015-0235) - Knowledge Base | af854a3a-2127-422b-91ae-364da2661108 | kb.juniper.net | Third Party Advisory
Security Advisory SA62517 - McAfee Multiple Products GNU C Library Buffer Overflow Vulnerability - Secunia | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Not Applicable
linux.oracle.com | ELSA-2015-0092 - glibc security update | af854a3a-2127-422b-91ae-364da2661108 | linux.oracle.com | Third Party Advisory
Oracle Critical Patch Update - October 2016 | af854a3a-2127-422b-91ae-364da2661108 | www.oracle.com | Patch, Third Party Advisory
www.qualys.com/research/security-advisories/GHOST-CVE-2015-0235.txt | af854a3a-2127-422b-91ae-364da2661108 | www.qualys.com | Third Party Advisory
APPLE-SA-2015-09-30-3 OS X El Capitan 10.11 | af854a3a-2127-422b-91ae-364da2661108 | lists.apple.com | Mailing List, Third Party Advisory
Oracle Critical Patch Update - July 2015 | af854a3a-2127-422b-91ae-364da2661108 | www.oracle.com | Third Party Advisory
Red Hat Customer Portal | af854a3a-2127-422b-91ae-364da2661108 | rhn.redhat.com | Third Party Advisory
Full Disclosure: SEC Consult SA-20220615-0 :: Hardcoded Backdoor User and Outdated Software Components in Nexans FTTO GigaSwitch series | af854a3a-2127-422b-91ae-364da2661108 | seclists.org | Exploit, Mailing List, Third Party Advisory
'[security bulletin] HPSBGN03270 rev.1 - HP Operations Analytics, Remote Execution of Code' - MARC | af854a3a-2127-422b-91ae-364da2661108 | marc.info | Issue Tracking, Mailing List, Third Party Advisory
McAfee KnowledgeBase - McAfee Security Bulletin - GHOST Vulnerability | af854a3a-2127-422b-91ae-364da2661108 | kc.mcafee.com | Third Party Advisory
Exim ESMTP GHOST Denial Of Service ≈ Packet Storm | af854a3a-2127-422b-91ae-364da2661108 | packetstormsecurity.com | Exploit, Third Party Advisory, VDB Entry
HPE Support document - HPE Support Center | af854a3a-2127-422b-91ae-364da2661108 | h20564.www2.hpe.com | Third Party Advisory
'[security bulletin] HPSBGN03247 rev.1 - HP IceWall SSO Dfw using glibc, Remote Execution of Abitrary' - MARC | af854a3a-2127-422b-91ae-364da2661108 | marc.info | Issue Tracking, Mailing List, Third Party Advisory
Home | Blue Coat Systems, Inc. | af854a3a-2127-422b-91ae-364da2661108 | bto.bluecoat.com | Third Party Advisory
cert-portal.siemens.com/productcert/pdf/ssa-994726.pdf | af854a3a-2127-422b-91ae-364da2661108 | cert-portal.siemens.com | Third Party Advisory
Oracle Critical Patch Update - October 2015 | af854a3a-2127-422b-91ae-364da2661108 | www.oracle.com | Third Party Advisory
Arista - Security Advisory 0009 | af854a3a-2127-422b-91ae-364da2661108 | www.arista.com | Third Party Advisory
Security Advisory SA62865 - IBM WebSphere Transformation Extender GNU C Library Buffer Overflow Vulnerability - Secunia | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Not Applicable
Security Advisory SA62813 - IBM Security Network Protection Multiple Vulnerabilities - Secunia | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Not Applicable
oss-sec: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) | af854a3a-2127-422b-91ae-364da2661108 | seclists.org | Mailing List, Third Party Advisory
Security Advisory SA62690 - Juniper Multiple Products GNU C Library Buffer Overflow Vulnerability - Secunia | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Not Applicable
oss-sec: Qualys Security Advisory CVE-2015-0235 - GHOST: glibc gethostbyname buffer overflow | af854a3a-2127-422b-91ae-364da2661108 | seclists.org | Exploit, Mailing List, Third Party Advisory
APPLE-SA-2015-06-30-2 OS X Yosemite v10.10.4 and Security Update 2015-005 | af854a3a-2127-422b-91ae-364da2661108 | lists.apple.com | Mailing List, Third Party Advisory
Oracle Critical Patch Update - July 2016 | af854a3a-2127-422b-91ae-364da2661108 | www.oracle.com | Patch, Third Party Advisory
Nexans FTTO GigaSwitch Outdated Components / Hardcoded Backdoor ≈ Packet Storm | af854a3a-2127-422b-91ae-364da2661108 | packetstormsecurity.com | Exploit, Third Party Advisory, VDB Entry
IBM Security Bulletin: GNU C library (glibc) vulnerability affects IBM Security Network Protection (CVE-2015-0235) - United States | af854a3a-2127-422b-91ae-364da2661108 | www-01.ibm.com | Third Party Advisory
404 Not Found | af854a3a-2127-422b-91ae-364da2661108 | www.idirect.net | Broken Link, URL Repurposed
IBM Security Bulletin: GNU C library (glibc) vulnerability affects QRadar SIEM, QRadar Risk Manager, and QRadar Vulnerability Manager (CVE-2015-0235) - United States | af854a3a-2127-422b-91ae-364da2661108 | www-01.ibm.com | Third Party Advisory
IBM Security Bulletin: GNU C library (glibc) vulnerability affects IBM Security Proventia Network Enterprise Scanner (CVE-2015-0235) - United States | af854a3a-2127-422b-91ae-364da2661108 | www-01.ibm.com | Third Party Advisory
Oracle Critical Patch Update - April 2015 | af854a3a-2127-422b-91ae-364da2661108 | www.oracle.com | Third Party Advisory
IBM Security Bulletin: GNU C library (glibc) vulnerability affects IBM Security Virtual Server Protection for VMware (CVE-2015-0235) - United States | af854a3a-2127-422b-91ae-364da2661108 | www-01.ibm.com | Third Party Advisory
Security Advisory SA62692 - Cisco Multiple Products GNU C Library Buffer Overflow Vulnerability - Secunia | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Not Applicable
Security Advisory SA62680 - Ubuntu update for eglibc - Secunia | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Not Applicable
Gentoo Security | af854a3a-2127-422b-91ae-364da2661108 | security.gentoo.org | Third Party Advisory
IBM Security Bulletin: GNU C library (glibc) vulnerability affects WebSphere Transformation Extender with Launcher Hypervisor Edition [for RHEL] (CVE-2015-0235) - United States | af854a3a-2127-422b-91ae-364da2661108 | www-01.ibm.com | Third Party Advisory
Oracle Critical Patch Update - October 2017 | af854a3a-2127-422b-91ae-364da2661108 | www.oracle.com | Patch, Third Party Advisory
Full Disclosure: SEC Consult SA-20210901-0 :: Multiple vulnerabilities in MOXA devices | af854a3a-2127-422b-91ae-364da2661108 | seclists.org | Exploit, Mailing List, Third Party Advisory
Oracle Critical Patch Update - January 2016 | af854a3a-2127-422b-91ae-364da2661108 | www.oracle.com | Third Party Advisory
Security Advisory SA62871 - IBM PureApplication System GNU C Library Buffer Overflow Vulnerability - Secunia | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Not Applicable
Security Advisory SA62667 - Red Hat update for glibc - Secunia | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Not Applicable
IBM Security Bulletin: GNU C library (glibc) vulnerability affects IBM Security Access Manager for Mobile (CVE-2015-0235) - United States | af854a3a-2127-422b-91ae-364da2661108 | www-01.ibm.com | Third Party Advisory
IBM Security Bulletin: GNU C library (glibc) vulnerability affects IBM Workload Deployer (CVE-2015-0235) - United States | af854a3a-2127-422b-91ae-364da2661108 | www-01.ibm.com | Third Party Advisory
Exim GHOST (glibc gethostbyname) Buffer Overflow ≈ Packet Storm | af854a3a-2127-422b-91ae-364da2661108 | packetstormsecurity.com | Exploit, Third Party Advisory, VDB Entry
Oracle Communications Applications Flaws Let Remote Users Gain Elevated Privileges and Partially Access Data, Modify Data, and Deny Service - SecurityTracker | af854a3a-2127-422b-91ae-364da2661108 | www.securitytracker.com | Third Party Advisory, VDB Entry
Bugtraq: SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series | af854a3a-2127-422b-91ae-364da2661108 | seclists.org | Exploit, Mailing List, Third Party Advisory
linux.oracle.com | ELSA-2015-0090 - glibc security update | af854a3a-2127-422b-91ae-364da2661108 | linux.oracle.com | Third Party Advisory
Support / Security / Advisories / / MDVSA-2015:039 | Mandriva | af854a3a-2127-422b-91ae-364da2661108 | www.mandriva.com | Third Party Advisory
Security Advisory SA62758 - IBM Security Access Manager for Mobile GNU C Library Buffer Overflow Vulnerability - Secunia | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Not Applicable
Security Advisory SA62688 - Sophos Multiple Products GNU C Library Buffer Overflow Vulnerability - Secunia | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Not Applicable
Security Advisory SA62883 - IBM Proventia Network Enterprise Scanner GNU C Library Buffer Overflow Vulnerability - Secunia | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Not Applicable
fsc-2015-1 | F-Secure Labs | af854a3a-2127-422b-91ae-364da2661108 | www.f-secure.com | Third Party Advisory
Debian -- Security Information -- DSA-3142-1 eglibc | af854a3a-2127-422b-91ae-364da2661108 | www.debian.org | Third Party Advisory
Security Advisory SA62816 - F-Secure Messaging Security Gateway GNU C Library Buffer Overflow Vulnerability - Secunia | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Not Applicable
'[security bulletin] HPSBGN03285 rev.1 - HP Business Service Manager Virtual Appliance, Multiple Vul' - MARC | af854a3a-2127-422b-91ae-364da2661108 | marc.info | Issue Tracking, Mailing List, Third Party Advisory
Oracle Critical Patch Update - July 2017 | af854a3a-2127-422b-91ae-364da2661108 | www.oracle.com | Patch, Third Party Advisory
IBM Security Bulletin: Security Bulletin: GNU C library (glibc) vulnerability is fixed in IBM Security Access Manager for Enterprise Single Sign-On Virtual Appliance (CVE-2015-0235) - United States | af854a3a-2127-422b-91ae-364da2661108 | www-01.ibm.com | Third Party Advisory
About the security content of OS X El Capitan v10.11 - Apple Support | af854a3a-2127-422b-91ae-364da2661108 | support.apple.com | Third Party Advisory
About the security content of OS X Yosemite v10.10.4 and Security Update 2015-005 - Apple Support | af854a3a-2127-422b-91ae-364da2661108 | support.apple.com | Third Party Advisory
Security Advisory SA62691 - Blue Coat Multiple Products GNU C Library Buffer Overflow Vulnerability - Secunia | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Not Applicable
CVE-2015-0235 GNU C Library (glibc) Vulnerability in Multiple NetApp Products | NetApp Product Security | af854a3a-2127-422b-91ae-364da2661108 | security.netapp.com | Third Party Advisory
Oracle July 2016 Critical Patch Update Multiple Vulnerabilities | af854a3a-2127-422b-91ae-364da2661108 | www.securityfocus.com | Third Party Advisory, VDB Entry
Security Advisory SA62640 - IBM Security QRadar SIEM Multiple Vulnerabilities - Secunia | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Not Applicable
WAGO 852 Industrial Managed Switch Series Code Execution / Hardcoded Credentials ≈ Packet Storm | af854a3a-2127-422b-91ae-364da2661108 | packetstormsecurity.com | Exploit, Third Party Advisory, VDB Entry
Moxa Command Injection / Cross Site Scripting / Vulnerable Software ≈ Packet Storm | af854a3a-2127-422b-91ae-364da2661108 | packetstormsecurity.com | Exploit, Third Party Advisory, VDB Entry
Security Advisory SA62879 - IBM Security Virtual Server Protection for VMware GNU C Library Buffer Overflow Vulnerability - Secunia | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Not Applicable
Sophos products and the GHOST vulnerability affecting Linux | Sophos Blog | af854a3a-2127-422b-91ae-364da2661108 | blogs.sophos.com | Third Party Advisory
Security Advisory SA62812 - IBM Security Access Manager for Web GNU C Library Buffer Overflow Vulnerability - Secunia | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Not Applicable
Vulnerabilities resolved in TRITON APX Version 8.0 | af854a3a-2127-422b-91ae-364da2661108 | www.websense.com | Broken Link, Permissions Required
APPLE-SA-2015-10-21-4 OS X El Capitan 10.11.1 and Security Update 2015-007 | af854a3a-2127-422b-91ae-364da2661108 | lists.apple.com | Mailing List, Third Party Advisory
CVE Program record | CVE.ORG | www.cve.org | canonical
NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis

Legacy QID Mappings

  • 591368 Eaton Power Xpert Gateway models buffer overflow Vulnerability (ETN-SB-2015-1002)