csaf_redhat - rhsa-2016

rhsa-2016_0277

Vulnerability from csaf_redhat

Published

2016-02-19 22:19

Modified

2024-11-14 15:36

Summary

Red Hat Security Advisory: rhev-hypervisor security update

Notes

Topic

Updated rhev-hypervisor packages that fix one security issue are now available. Red Hat Product Security has rated this update as having Critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

Details

The rhev-hypervisor package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes everything necessary to run and manage virtual machines: A subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. A stack-based buffer overflow was found in the way the libresolv library performed dual A/AAAA DNS queries. A remote attacker could create a specially crafted DNS response which could cause libresolv to crash or, potentially, execute code with the permissions of the user running the library. Note: this issue is only exposed when libresolv is called from the nss_dns NSS service module. (CVE-2015-7547) This issue was discovered by the Google Security Team and Red Hat. Users of Red Hat Enterprise Virtualization Hypervisor are advised to upgrade to these updated packages.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Critical"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated rhev-hypervisor packages that fix one security issue are now\navailable.\n\nRed Hat Product Security has rated this update as having Critical security\nimpact. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available from the CVE link in the\nReferences section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The rhev-hypervisor package provides a Red Hat Enterprise Virtualization\nHypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor\nis a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes\neverything necessary to run and manage virtual machines: A subset of the\nRed Hat Enterprise Linux operating environment and the Red Hat Enterprise\nVirtualization Agent.\n\nNote: Red Hat Enterprise Virtualization Hypervisor is only available for\nthe Intel 64 and AMD64 architectures with virtualization extensions.\n\nA stack-based buffer overflow was found in the way the libresolv library\nperformed dual A/AAAA DNS queries. A remote attacker could create a\nspecially crafted DNS response which could cause libresolv to crash or,\npotentially, execute code with the permissions of the user running the\nlibrary. Note: this issue is only exposed when libresolv is called from the\nnss_dns NSS service module. (CVE-2015-7547)\n\nThis issue was discovered by the Google Security Team and Red Hat.\n\nUsers of Red Hat Enterprise Virtualization Hypervisor are advised to\nupgrade to these updated packages.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2016:0277",
        "url": "https://access.redhat.com/errata/RHSA-2016:0277"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#critical",
        "url": "https://access.redhat.com/security/updates/classification/#critical"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/articles/2161461",
        "url": "https://access.redhat.com/articles/2161461"
      },
      {
        "category": "external",
        "summary": "1293532",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1293532"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2016/rhsa-2016_0277.json"
      }
    ],
    "title": "Red Hat Security Advisory: rhev-hypervisor security update",
    "tracking": {
      "current_release_date": "2024-11-14T15:36:19+00:00",
      "generator": {
        "date": "2024-11-14T15:36:19+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.0"
        }
      },
      "id": "RHSA-2016:0277",
      "initial_release_date": "2016-02-19T22:19:14+00:00",
      "revision_history": [
        {
          "date": "2016-02-19T22:19:14+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2016-02-19T22:19:14+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-14T15:36:19+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "RHEV Hypervisor for RHEL-6",
                "product": {
                  "name": "RHEV Hypervisor for RHEL-6",
                  "product_id": "6Server-RHEV-Hypervisor",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:6::hypervisor"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "RHEL 7-based RHEV-H",
                "product": {
                  "name": "RHEL 7-based RHEV-H",
                  "product_id": "7Server-RHEV-Hypervisor-7",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:7::hypervisor"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Virtualization"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "rhev-hypervisor6-0:6.7-20160104.2.el6ev.noarch",
                "product": {
                  "name": "rhev-hypervisor6-0:6.7-20160104.2.el6ev.noarch",
                  "product_id": "rhev-hypervisor6-0:6.7-20160104.2.el6ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rhev-hypervisor6@6.7-20160104.2.el6ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhev-hypervisor7-0:7.2-20160105.2.el6ev.noarch",
                "product": {
                  "name": "rhev-hypervisor7-0:7.2-20160105.2.el6ev.noarch",
                  "product_id": "rhev-hypervisor7-0:7.2-20160105.2.el6ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rhev-hypervisor7@7.2-20160105.2.el6ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhev-hypervisor7-0:7.2-20160105.2.el7ev.noarch",
                "product": {
                  "name": "rhev-hypervisor7-0:7.2-20160105.2.el7ev.noarch",
                  "product_id": "rhev-hypervisor7-0:7.2-20160105.2.el7ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rhev-hypervisor7@7.2-20160105.2.el7ev?arch=noarch"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "rhev-hypervisor7-0:7.2-20160105.2.el6ev.src",
                "product": {
                  "name": "rhev-hypervisor7-0:7.2-20160105.2.el6ev.src",
                  "product_id": "rhev-hypervisor7-0:7.2-20160105.2.el6ev.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rhev-hypervisor7@7.2-20160105.2.el6ev?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhev-hypervisor7-0:7.2-20160105.2.el7ev.src",
                "product": {
                  "name": "rhev-hypervisor7-0:7.2-20160105.2.el7ev.src",
                  "product_id": "rhev-hypervisor7-0:7.2-20160105.2.el7ev.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rhev-hypervisor7@7.2-20160105.2.el7ev?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhev-hypervisor6-0:6.7-20160104.2.el6ev.noarch as a component of RHEV Hypervisor for RHEL-6",
          "product_id": "6Server-RHEV-Hypervisor:rhev-hypervisor6-0:6.7-20160104.2.el6ev.noarch"
        },
        "product_reference": "rhev-hypervisor6-0:6.7-20160104.2.el6ev.noarch",
        "relates_to_product_reference": "6Server-RHEV-Hypervisor"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhev-hypervisor7-0:7.2-20160105.2.el6ev.noarch as a component of RHEV Hypervisor for RHEL-6",
          "product_id": "6Server-RHEV-Hypervisor:rhev-hypervisor7-0:7.2-20160105.2.el6ev.noarch"
        },
        "product_reference": "rhev-hypervisor7-0:7.2-20160105.2.el6ev.noarch",
        "relates_to_product_reference": "6Server-RHEV-Hypervisor"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhev-hypervisor7-0:7.2-20160105.2.el6ev.src as a component of RHEV Hypervisor for RHEL-6",
          "product_id": "6Server-RHEV-Hypervisor:rhev-hypervisor7-0:7.2-20160105.2.el6ev.src"
        },
        "product_reference": "rhev-hypervisor7-0:7.2-20160105.2.el6ev.src",
        "relates_to_product_reference": "6Server-RHEV-Hypervisor"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhev-hypervisor7-0:7.2-20160105.2.el7ev.noarch as a component of RHEL 7-based RHEV-H",
          "product_id": "7Server-RHEV-Hypervisor-7:rhev-hypervisor7-0:7.2-20160105.2.el7ev.noarch"
        },
        "product_reference": "rhev-hypervisor7-0:7.2-20160105.2.el7ev.noarch",
        "relates_to_product_reference": "7Server-RHEV-Hypervisor-7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhev-hypervisor7-0:7.2-20160105.2.el7ev.src as a component of RHEL 7-based RHEV-H",
          "product_id": "7Server-RHEV-Hypervisor-7:rhev-hypervisor7-0:7.2-20160105.2.el7ev.src"
        },
        "product_reference": "rhev-hypervisor7-0:7.2-20160105.2.el7ev.src",
        "relates_to_product_reference": "7Server-RHEV-Hypervisor-7"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "Google Security Team"
          ],
          "summary": "This issue was discovered by Red Hat."
        }
      ],
      "cve": "CVE-2015-7547",
      "cwe": {
        "id": "CWE-121",
        "name": "Stack-based Buffer Overflow"
      },
      "discovery_date": "2015-12-11T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1293532"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A stack-based buffer overflow was found in the way the libresolv library performed dual A/AAAA DNS queries. A remote attacker could create a specially crafted DNS response which could cause libresolv to crash or, potentially, execute code with the permissions of the user running the library. Note: this issue is only exposed when libresolv is called from the nss_dns NSS service module.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "glibc: getaddrinfo stack-based buffer overflow",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "After updating the glibc package on affected systems, it is strongly recommended to reboot the system or restart all the affected services. For more information please refer to: https://access.redhat.com/articles/2161461",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Server-RHEV-Hypervisor:rhev-hypervisor6-0:6.7-20160104.2.el6ev.noarch",
          "6Server-RHEV-Hypervisor:rhev-hypervisor7-0:7.2-20160105.2.el6ev.noarch",
          "6Server-RHEV-Hypervisor:rhev-hypervisor7-0:7.2-20160105.2.el6ev.src",
          "7Server-RHEV-Hypervisor-7:rhev-hypervisor7-0:7.2-20160105.2.el7ev.noarch",
          "7Server-RHEV-Hypervisor-7:rhev-hypervisor7-0:7.2-20160105.2.el7ev.src"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2015-7547"
        },
        {
          "category": "external",
          "summary": "RHBZ#1293532",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1293532"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2015-7547",
          "url": "https://www.cve.org/CVERecord?id=CVE-2015-7547"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-7547",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-7547"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/articles/2161461",
          "url": "https://access.redhat.com/articles/2161461"
        }
      ],
      "release_date": "2016-02-16T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2016-02-19T22:19:14+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "6Server-RHEV-Hypervisor:rhev-hypervisor6-0:6.7-20160104.2.el6ev.noarch",
            "6Server-RHEV-Hypervisor:rhev-hypervisor7-0:7.2-20160105.2.el6ev.noarch",
            "6Server-RHEV-Hypervisor:rhev-hypervisor7-0:7.2-20160105.2.el6ev.src",
            "7Server-RHEV-Hypervisor-7:rhev-hypervisor7-0:7.2-20160105.2.el7ev.noarch",
            "7Server-RHEV-Hypervisor-7:rhev-hypervisor7-0:7.2-20160105.2.el7ev.src"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2016:0277"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "6Server-RHEV-Hypervisor:rhev-hypervisor6-0:6.7-20160104.2.el6ev.noarch",
            "6Server-RHEV-Hypervisor:rhev-hypervisor7-0:7.2-20160105.2.el6ev.noarch",
            "6Server-RHEV-Hypervisor:rhev-hypervisor7-0:7.2-20160105.2.el6ev.src",
            "7Server-RHEV-Hypervisor-7:rhev-hypervisor7-0:7.2-20160105.2.el7ev.noarch",
            "7Server-RHEV-Hypervisor-7:rhev-hypervisor7-0:7.2-20160105.2.el7ev.src"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "glibc: getaddrinfo stack-based buffer overflow"
    }
  ]
}

cve-2015-7547

Vulnerability from cvelistv5

Published

2016-02-18 21:00

Modified

2024-08-06 07:51

Severity ?

Summary

Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module.

References

▼	URL	Tags
	http://www.securitytracker.com/id/1035020	vdb-entry, x_refsource_SECTRACK
	http://marc.info/?l=bugtraq&m=146161017210491&w=2	vendor-advisory, x_refsource_HP
	http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00037.html	vendor-advisory, x_refsource_SUSE
	http://rhn.redhat.com/errata/RHSA-2016-0175.html	vendor-advisory, x_refsource_REDHAT
	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05140858	x_refsource_CONFIRM
	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05125672	x_refsource_CONFIRM
	https://blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/	x_refsource_CONFIRM
	https://sourceware.org/bugzilla/show_bug.cgi?id=18665	x_refsource_CONFIRM
	http://marc.info/?l=bugtraq&m=145857691004892&w=2	vendor-advisory, x_refsource_HP
	http://rhn.redhat.com/errata/RHSA-2016-0225.html	vendor-advisory, x_refsource_REDHAT
	http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177412.html	vendor-advisory, x_refsource_FEDORA
	https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40161	x_refsource_CONFIRM
	http://www.debian.org/security/2016/dsa-3481	vendor-advisory, x_refsource_DEBIAN
	http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00042.html	vendor-advisory, x_refsource_SUSE
	http://ubuntu.com/usn/usn-2900-1	vendor-advisory, x_refsource_UBUNTU
	http://www.fortiguard.com/advisory/glibc-getaddrinfo-stack-overflow	x_refsource_CONFIRM
	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05376917	x_refsource_CONFIRM
	http://rhn.redhat.com/errata/RHSA-2016-0277.html	vendor-advisory, x_refsource_REDHAT
	http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00043.html	vendor-advisory, x_refsource_SUSE
	https://googleonlinesecurity.blogspot.com/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html	x_refsource_MISC
	http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html	x_refsource_CONFIRM
	https://security.netapp.com/advisory/ntap-20160217-0002/	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00036.html	vendor-advisory, x_refsource_SUSE
	https://blogs.sophos.com/2016/02/24/utm-up2date-9-355-released/	x_refsource_CONFIRM
	https://support.lenovo.com/us/en/product_security/len_5450	x_refsource_CONFIRM
	https://www.tenable.com/security/research/tra-2017-08	x_refsource_MISC
	http://www.vmware.com/security/advisories/VMSA-2016-0002.html	x_refsource_CONFIRM
	http://marc.info/?l=bugtraq&m=145672440608228&w=2	vendor-advisory, x_refsource_HP
	http://www.securityfocus.com/bid/83265	vdb-entry, x_refsource_BID
	http://fortiguard.com/advisory/glibc-getaddrinfo-stack-overflow	x_refsource_CONFIRM
	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380	x_refsource_CONFIRM
	https://security.gentoo.org/glsa/201602-02	vendor-advisory, x_refsource_GENTOO
	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05128937	x_refsource_CONFIRM
	http://marc.info/?l=bugtraq&m=145596041017029&w=2	vendor-advisory, x_refsource_HP
	http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00038.html	vendor-advisory, x_refsource_SUSE
	https://www.exploit-db.com/exploits/40339/	exploit, x_refsource_EXPLOIT-DB
	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05098877	x_refsource_CONFIRM
	https://bto.bluecoat.com/security-advisory/sa114	x_refsource_CONFIRM
	https://sourceware.org/ml/libc-alpha/2016-02/msg00416.html	mailing-list, x_refsource_MLIST
	http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00039.html	vendor-advisory, x_refsource_SUSE
	https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes	x_refsource_CONFIRM
	http://packetstormsecurity.com/files/135802/glibc-getaddrinfo-Stack-Based-Buffer-Overflow.html	x_refsource_MISC
	https://bugzilla.redhat.com/show_bug.cgi?id=1293532	x_refsource_CONFIRM
	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05008367	x_refsource_CONFIRM
	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722	x_refsource_CONFIRM
	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05176716	x_refsource_CONFIRM
	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05053211	x_refsource_CONFIRM
	http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html	x_refsource_CONFIRM
	https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05028479	x_refsource_CONFIRM
	https://support.f5.com/kb/en-us/solutions/public/k/47/sol47098834.html	x_refsource_CONFIRM
	http://rhn.redhat.com/errata/RHSA-2016-0176.html	vendor-advisory, x_refsource_REDHAT
	http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177404.html	vendor-advisory, x_refsource_FEDORA
	http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00044.html	vendor-advisory, x_refsource_SUSE
	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04989404	x_refsource_CONFIRM
	http://www.debian.org/security/2016/dsa-3480	vendor-advisory, x_refsource_DEBIAN
	https://ics-cert.us-cert.gov/advisories/ICSA-16-103-01	x_refsource_MISC
	https://www.exploit-db.com/exploits/39454/	exploit, x_refsource_EXPLOIT-DB
	http://support.citrix.com/article/CTX206991	x_refsource_CONFIRM
	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160304-01-glibc-en	x_refsource_CONFIRM
	https://www.kb.cert.org/vuls/id/457759	third-party-advisory, x_refsource_CERT-VN
	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05130958	x_refsource_CONFIRM
	https://access.redhat.com/articles/2161461	x_refsource_CONFIRM
	https://kc.mcafee.com/corporate/index?page=content&id=SB10150	x_refsource_CONFIRM
	http://marc.info/?l=bugtraq&m=145690841819314&w=2	vendor-advisory, x_refsource_HP
	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05212266	x_refsource_CONFIRM
	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05073516	x_refsource_CONFIRM
	http://seclists.org/fulldisclosure/2019/Sep/7	mailing-list, x_refsource_FULLDISC
	https://seclists.org/bugtraq/2019/Sep/7	mailing-list, x_refsource_BUGTRAQ
	http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html	x_refsource_MISC
	http://seclists.org/fulldisclosure/2021/Sep/0	mailing-list, x_refsource_FULLDISC
	http://packetstormsecurity.com/files/164014/Moxa-Command-Injection-Cross-Site-Scripting-Vulnerable-Software.html	x_refsource_MISC
	https://www.arista.com/en/support/advisories-notices/security-advisories/1255-security-advisory-17	x_refsource_MISC
	http://seclists.org/fulldisclosure/2022/Jun/36	mailing-list, x_refsource_FULLDISC
	http://packetstormsecurity.com/files/167552/Nexans-FTTO-GigaSwitch-Outdated-Components-Hardcoded-Backdoor.html	x_refsource_MISC

Impacted products

Vendor

Product

Version

▼

n/a

Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T07:51:28.440Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1035020",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1035020"
          },
          {
            "name": "HPSBGN03582",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=146161017210491\u0026w=2"
          },
          {
            "name": "SUSE-SU-2016:0471",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00037.html"
          },
          {
            "name": "RHSA-2016:0175",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-0175.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05140858"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05125672"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=18665"
          },
          {
            "name": "HPSBGN03551",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=145857691004892\u0026w=2"
          },
          {
            "name": "RHSA-2016:0225",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-0225.html"
          },
          {
            "name": "FEDORA-2016-0f9e9a34ce",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177412.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40161"
          },
          {
            "name": "DSA-3481",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2016/dsa-3481"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
          },
          {
            "name": "openSUSE-SU-2016:0510",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00042.html"
          },
          {
            "name": "USN-2900-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://ubuntu.com/usn/usn-2900-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.fortiguard.com/advisory/glibc-getaddrinfo-stack-overflow"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05376917"
          },
          {
            "name": "RHSA-2016:0277",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-0277.html"
          },
          {
            "name": "openSUSE-SU-2016:0511",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00043.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://googleonlinesecurity.blogspot.com/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20160217-0002/"
          },
          {
            "name": "SUSE-SU-2016:0470",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00036.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://blogs.sophos.com/2016/02/24/utm-up2date-9-355-released/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.lenovo.com/us/en/product_security/len_5450"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/research/tra-2017-08"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/security/advisories/VMSA-2016-0002.html"
          },
          {
            "name": "HPSBGN03549",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=145672440608228\u0026w=2"
          },
          {
            "name": "83265",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/83265"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://fortiguard.com/advisory/glibc-getaddrinfo-stack-overflow"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380"
          },
          {
            "name": "GLSA-201602-02",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201602-02"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05128937"
          },
          {
            "name": "HPSBGN03547",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=145596041017029\u0026w=2"
          },
          {
            "name": "SUSE-SU-2016:0472",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00038.html"
          },
          {
            "name": "40339",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/40339/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05098877"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bto.bluecoat.com/security-advisory/sa114"
          },
          {
            "name": "[libc-alpha] 20160216 [PATCH] CVE-2015-7547 --- glibc getaddrinfo() stack-based buffer overflow",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://sourceware.org/ml/libc-alpha/2016-02/msg00416.html"
          },
          {
            "name": "SUSE-SU-2016:0473",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00039.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/135802/glibc-getaddrinfo-Stack-Based-Buffer-Overflow.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1293532"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05008367"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05176716"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05053211"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05028479"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.f5.com/kb/en-us/solutions/public/k/47/sol47098834.html"
          },
          {
            "name": "RHSA-2016:0176",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-0176.html"
          },
          {
            "name": "FEDORA-2016-0480defc94",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177404.html"
          },
          {
            "name": "openSUSE-SU-2016:0512",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00044.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04989404"
          },
          {
            "name": "DSA-3480",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2016/dsa-3480"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-103-01"
          },
          {
            "name": "39454",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/39454/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.citrix.com/article/CTX206991"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160304-01-glibc-en"
          },
          {
            "name": "VU#457759",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "https://www.kb.cert.org/vuls/id/457759"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05130958"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/articles/2161461"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10150"
          },
          {
            "name": "HPSBGN03442",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=145690841819314\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05212266"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05073516"
          },
          {
            "name": "20190904 SEC Consult SA-20190904-0 :: Multiple vulnerabilities in Cisco router series RV34X, RV26X and RV16X",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2019/Sep/7"
          },
          {
            "name": "20190904 SEC Consult SA-20190904-0 :: Multiple vulnerabilities in Cisco router series RV34X, RV26X and RV16X",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2019/Sep/7"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html"
          },
          {
            "name": "20210901 SEC Consult SA-20210901-0 :: Multiple vulnerabilities in MOXA devices",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2021/Sep/0"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/164014/Moxa-Command-Injection-Cross-Site-Scripting-Vulnerable-Software.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1255-security-advisory-17"
          },
          {
            "name": "20220617 SEC Consult SA-20220615-0 :: Hardcoded Backdoor User and Outdated Software Components in Nexans FTTO GigaSwitch series",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2022/Jun/36"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/167552/Nexans-FTTO-GigaSwitch-Outdated-Components-Hardcoded-Backdoor.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-07-13T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing \"dual A/AAAA DNS queries\" and the libnss_dns.so.2 NSS module."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-06-20T18:06:34",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "1035020",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1035020"
        },
        {
          "name": "HPSBGN03582",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=146161017210491\u0026w=2"
        },
        {
          "name": "SUSE-SU-2016:0471",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00037.html"
        },
        {
          "name": "RHSA-2016:0175",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-0175.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05140858"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05125672"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=18665"
        },
        {
          "name": "HPSBGN03551",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=145857691004892\u0026w=2"
        },
        {
          "name": "RHSA-2016:0225",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-0225.html"
        },
        {
          "name": "FEDORA-2016-0f9e9a34ce",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177412.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40161"
        },
        {
          "name": "DSA-3481",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2016/dsa-3481"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
        },
        {
          "name": "openSUSE-SU-2016:0510",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00042.html"
        },
        {
          "name": "USN-2900-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://ubuntu.com/usn/usn-2900-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.fortiguard.com/advisory/glibc-getaddrinfo-stack-overflow"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05376917"
        },
        {
          "name": "RHSA-2016:0277",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-0277.html"
        },
        {
          "name": "openSUSE-SU-2016:0511",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00043.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://googleonlinesecurity.blogspot.com/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20160217-0002/"
        },
        {
          "name": "SUSE-SU-2016:0470",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00036.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://blogs.sophos.com/2016/02/24/utm-up2date-9-355-released/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.lenovo.com/us/en/product_security/len_5450"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.tenable.com/security/research/tra-2017-08"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/security/advisories/VMSA-2016-0002.html"
        },
        {
          "name": "HPSBGN03549",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=145672440608228\u0026w=2"
        },
        {
          "name": "83265",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/83265"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://fortiguard.com/advisory/glibc-getaddrinfo-stack-overflow"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380"
        },
        {
          "name": "GLSA-201602-02",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201602-02"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05128937"
        },
        {
          "name": "HPSBGN03547",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=145596041017029\u0026w=2"
        },
        {
          "name": "SUSE-SU-2016:0472",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00038.html"
        },
        {
          "name": "40339",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/40339/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05098877"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bto.bluecoat.com/security-advisory/sa114"
        },
        {
          "name": "[libc-alpha] 20160216 [PATCH] CVE-2015-7547 --- glibc getaddrinfo() stack-based buffer overflow",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://sourceware.org/ml/libc-alpha/2016-02/msg00416.html"
        },
        {
          "name": "SUSE-SU-2016:0473",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00039.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/135802/glibc-getaddrinfo-Stack-Based-Buffer-Overflow.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1293532"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05008367"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05176716"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05053211"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05028479"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.f5.com/kb/en-us/solutions/public/k/47/sol47098834.html"
        },
        {
          "name": "RHSA-2016:0176",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-0176.html"
        },
        {
          "name": "FEDORA-2016-0480defc94",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177404.html"
        },
        {
          "name": "openSUSE-SU-2016:0512",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00044.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04989404"
        },
        {
          "name": "DSA-3480",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2016/dsa-3480"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-103-01"
        },
        {
          "name": "39454",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/39454/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.citrix.com/article/CTX206991"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160304-01-glibc-en"
        },
        {
          "name": "VU#457759",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "https://www.kb.cert.org/vuls/id/457759"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05130958"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://access.redhat.com/articles/2161461"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10150"
        },
        {
          "name": "HPSBGN03442",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=145690841819314\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05212266"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05073516"
        },
        {
          "name": "20190904 SEC Consult SA-20190904-0 :: Multiple vulnerabilities in Cisco router series RV34X, RV26X and RV16X",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2019/Sep/7"
        },
        {
          "name": "20190904 SEC Consult SA-20190904-0 :: Multiple vulnerabilities in Cisco router series RV34X, RV26X and RV16X",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "https://seclists.org/bugtraq/2019/Sep/7"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html"
        },
        {
          "name": "20210901 SEC Consult SA-20210901-0 :: Multiple vulnerabilities in MOXA devices",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2021/Sep/0"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/164014/Moxa-Command-Injection-Cross-Site-Scripting-Vulnerable-Software.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1255-security-advisory-17"
        },
        {
          "name": "20220617 SEC Consult SA-20220615-0 :: Hardcoded Backdoor User and Outdated Software Components in Nexans FTTO GigaSwitch series",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2022/Jun/36"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/167552/Nexans-FTTO-GigaSwitch-Outdated-Components-Hardcoded-Backdoor.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2015-7547",
    "datePublished": "2016-02-18T21:00:00",
    "dateReserved": "2015-09-29T00:00:00",
    "dateUpdated": "2024-08-06T07:51:28.440Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted