{"api_version":"1","generated_at":"2026-04-23T13:25:01+00:00","cve":"CVE-2015-5277","urls":{"html":"https://cve.report/CVE-2015-5277","api":"https://cve.report/api/cve/CVE-2015-5277.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2015-5277","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2015-5277"},"summary":{"title":"CVE-2015-5277","description":"The get_contents function in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) before 2.20 might allow local users to cause a denial of service (heap corruption) or gain privileges via a long line in the NSS files database.","state":"PUBLIC","assigner":"secalert@redhat.com","published_at":"2015-12-17 19:59:00","updated_at":"2023-02-12 23:15:00"},"problem_types":["CWE-119"],"metrics":[],"references":[{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1262914","name":"https://bugzilla.redhat.com/show_bug.cgi?id=1262914","refsource":"CONFIRM","tags":[],"title":"Bug 1262914 – CVE-2015-5277 glibc: data corruption while reading the NSS files database","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/78092","name":"78092","refsource":"BID","tags":[],"title":"GNU glibc CVE-2015-5277 Local Heap Based Buffer Overflow Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://access.redhat.com/security/cve/CVE-2015-5277","name":"https://access.redhat.com/security/cve/CVE-2015-5277","refsource":"MISC","tags":[],"title":"CVE-2015-5277 - Red Hat Customer Portal","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.ubuntu.com/usn/USN-2985-2","name":"USN-2985-2","refsource":"UBUNTU","tags":[],"title":"USN-2985-2: GNU C Library regression | Ubuntu","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://seclists.org/fulldisclosure/2019/Sep/7","name":"20190904 SEC Consult SA-20190904-0 :: Multiple vulnerabilities in Cisco router series RV34X, RV26X and RV16X","refsource":"FULLDISC","tags":[],"title":"Full Disclosure: SEC Consult SA-20190904-0 :: Multiple vulnerabilities in Cisco router series RV34X, RV26X and RV16X","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://rhn.redhat.com/errata/RHSA-2015-2172.html","name":"RHSA-2015:2172","refsource":"REDHAT","tags":[],"title":"Red Hat Customer Portal","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"https://access.redhat.com/errata/RHSA-2015:2172","name":"https://access.redhat.com/errata/RHSA-2015:2172","refsource":"MISC","tags":[],"title":"Red Hat Customer Portal","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html","name":"http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html","refsource":"MISC","tags":[],"title":"Cisco Device Hardcoded Credentials / GNU glibc / BusyBox ≈ Packet Storm","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securitytracker.com/id/1034196","name":"1034196","refsource":"SECTRACK","tags":[],"title":"Glibc Heap Corruption in nss_files Backend Lets Local Users Gain Elevated Privileges - SecurityTracker","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://seclists.org/bugtraq/2019/Sep/7","name":"20190904 SEC Consult SA-20190904-0 :: Multiple vulnerabilities in Cisco router series RV34X, RV26X and RV16X","refsource":"BUGTRAQ","tags":[],"title":"Bugtraq: SEC Consult SA-20190904-0 :: Multiple vulnerabilities in Cisco router series RV34X, RV26X and RV16X","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://sourceware.org/ml/libc-alpha/2014-09/msg00088.html","name":"[libc-alpha] 20140909 The GNU C Library version 2.20 is now available","refsource":"MLIST","tags":[],"title":"Allan McRae - The GNU C Library version 2.20 is now available","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html","name":"http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html","refsource":"CONFIRM","tags":[],"title":"Oracle Linux Bulletin - October 2015","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.ubuntu.com/usn/USN-2985-1","name":"USN-2985-1","refsource":"UBUNTU","tags":[],"title":"USN-2985-1: GNU C Library vulnerabilities | Ubuntu","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://sourceware.org/bugzilla/show_bug.cgi?id=17079","name":"https://sourceware.org/bugzilla/show_bug.cgi?id=17079","refsource":"CONFIRM","tags":[],"title":"17079 – (CVE-2015-5277) nss_files heap-based buffer overflow with small buffer (CVE-2015-5277)","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://access.redhat.com/errata/RHSA-2015:2589","name":"https://access.redhat.com/errata/RHSA-2015:2589","refsource":"MISC","tags":[],"title":"Red Hat Customer Portal","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://security.gentoo.org/glsa/201702-11","name":"GLSA-201702-11","refsource":"GENTOO","tags":[],"title":"GNU C Library: Multiple vulnerabilities (GLSA 201702-11) — Gentoo security","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2015-5277","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-5277","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2015","cve_id":"5277","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"canonical","cpe5":"ubuntu_linux","cpe6":"12.04","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"lts","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"5277","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"canonical","cpe5":"ubuntu_linux","cpe6":"14.04","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"lts","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"5277","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"canonical","cpe5":"ubuntu_linux","cpe6":"15.10","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"5277","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"canonical","cpe5":"ubuntu_linux","cpe6":"12.04","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"lts","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"5277","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"canonical","cpe5":"ubuntu_linux","cpe6":"14.04","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"lts","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"5277","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"canonical","cpe5":"ubuntu_linux","cpe6":"15.10","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"5277","vulnerable":"1","versionEndIncluding":"2.19","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnu","cpe5":"glibc","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"5277","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux_desktop","cpe6":"7.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"5277","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux_desktop","cpe6":"7.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"5277","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux_hpc_node","cpe6":"7.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"5277","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux_hpc_node","cpe6":"7.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"5277","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux_server","cpe6":"7.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"5277","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux_server","cpe6":"7.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"5277","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux_workstation","cpe6":"7.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"5277","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux_workstation","cpe6":"7.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2015-5277","qid":"710558","title":"Gentoo Linux GNU C Library Multiple Vulnerabilities (GLSA 201702-11)"}]},"source_records":{"cve_program":{"data_version":"4.0","data_type":"CVE","data_format":"MITRE","CVE_data_meta":{"ID":"CVE-2015-5277","ASSIGNER":"secalert@redhat.com","STATE":"PUBLIC"},"description":{"description_data":[{"lang":"eng","value":"The get_contents function in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) before 2.20 might allow local users to cause a denial of service (heap corruption) or gain privileges via a long line in the NSS files database."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"affects":{"vendor":{"vendor_data":[{"vendor_name":"n/a","product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_affected":"=","version_value":"n/a"}]}}]}}]}},"references":{"reference_data":[{"url":"http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html","refsource":"MISC","name":"http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"},{"url":"http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html","refsource":"MISC","name":"http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html"},{"url":"http://rhn.redhat.com/errata/RHSA-2015-2172.html","refsource":"MISC","name":"http://rhn.redhat.com/errata/RHSA-2015-2172.html"},{"url":"http://seclists.org/fulldisclosure/2019/Sep/7","refsource":"MISC","name":"http://seclists.org/fulldisclosure/2019/Sep/7"},{"url":"http://www.securityfocus.com/bid/78092","refsource":"MISC","name":"http://www.securityfocus.com/bid/78092"},{"url":"http://www.securitytracker.com/id/1034196","refsource":"MISC","name":"http://www.securitytracker.com/id/1034196"},{"url":"http://www.ubuntu.com/usn/USN-2985-1","refsource":"MISC","name":"http://www.ubuntu.com/usn/USN-2985-1"},{"url":"http://www.ubuntu.com/usn/USN-2985-2","refsource":"MISC","name":"http://www.ubuntu.com/usn/USN-2985-2"},{"url":"https://seclists.org/bugtraq/2019/Sep/7","refsource":"MISC","name":"https://seclists.org/bugtraq/2019/Sep/7"},{"url":"https://security.gentoo.org/glsa/201702-11","refsource":"MISC","name":"https://security.gentoo.org/glsa/201702-11"},{"url":"https://sourceware.org/bugzilla/show_bug.cgi?id=17079","refsource":"MISC","name":"https://sourceware.org/bugzilla/show_bug.cgi?id=17079"},{"url":"https://sourceware.org/ml/libc-alpha/2014-09/msg00088.html","refsource":"MISC","name":"https://sourceware.org/ml/libc-alpha/2014-09/msg00088.html"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1262914","refsource":"MISC","name":"https://bugzilla.redhat.com/show_bug.cgi?id=1262914"}]}},"nvd":{"publishedDate":"2015-12-17 19:59:00","lastModifiedDate":"2023-02-12 23:15:00","problem_types":["CWE-119"],"metrics":{"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:C/I:C/A:C","accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE","baseScore":7.2},"severity":"HIGH","exploitabilityScore":3.9,"impactScore":10,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*","versionEndIncluding":"2.19","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2015","CveId":"5277","Ordinal":"82258","Title":"CVE-2015-5277","CVE":"CVE-2015-5277","Year":"2015"},"notes":[{"CveYear":"2015","CveId":"5277","Ordinal":"1","NoteData":"The get_contents function in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) before 2.20 might allow local users to cause a denial of service (heap corruption) or gain privileges via a long line in the NSS files database.","Type":"Description","Title":null},{"CveYear":"2015","CveId":"5277","Ordinal":"2","NoteData":"2015-12-17","Type":"Other","Title":"Published"},{"CveYear":"2015","CveId":"5277","Ordinal":"3","NoteData":"2019-09-04","Type":"Other","Title":"Modified"}]}}}