CVE - CVE-2015-7547

CVE-ID
CVE-2015-7547	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:1035020 URL:http://www.securitytracker.com/id/1035020 MISC:20190904 SEC Consult SA-20190904-0 :: Multiple vulnerabilities in Cisco router series RV34X, RV26X and RV16X URL:http://seclists.org/fulldisclosure/2019/Sep/7 MISC:20190904 SEC Consult SA-20190904-0 :: Multiple vulnerabilities in Cisco router series RV34X, RV26X and RV16X URL:https://seclists.org/bugtraq/2019/Sep/7 MISC:20210901 SEC Consult SA-20210901-0 :: Multiple vulnerabilities in MOXA devices URL:http://seclists.org/fulldisclosure/2021/Sep/0 MISC:20220617 SEC Consult SA-20220615-0 :: Hardcoded Backdoor User and Outdated Software Components in Nexans FTTO GigaSwitch series URL:http://seclists.org/fulldisclosure/2022/Jun/36 MISC:39454 URL:https://www.exploit-db.com/exploits/39454/ MISC:40339 URL:https://www.exploit-db.com/exploits/40339/ MISC:83265 URL:http://www.securityfocus.com/bid/83265 MISC:DSA-3480 URL:http://www.debian.org/security/2016/dsa-3480 MISC:DSA-3481 URL:http://www.debian.org/security/2016/dsa-3481 MISC:FEDORA-2016-0480defc94 URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177404.html MISC:FEDORA-2016-0f9e9a34ce URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177412.html MISC:GLSA-201602-02 URL:https://security.gentoo.org/glsa/201602-02 MISC:HPSBGN03442 URL:http://marc.info/?l=bugtraq&m=145690841819314&w=2 MISC:HPSBGN03547 URL:http://marc.info/?l=bugtraq&m=145596041017029&w=2 MISC:HPSBGN03549 URL:http://marc.info/?l=bugtraq&m=145672440608228&w=2 MISC:HPSBGN03551 URL:http://marc.info/?l=bugtraq&m=145857691004892&w=2 MISC:HPSBGN03582 URL:http://marc.info/?l=bugtraq&m=146161017210491&w=2 MISC:RHSA-2016:0175 URL:http://rhn.redhat.com/errata/RHSA-2016-0175.html MISC:RHSA-2016:0176 URL:http://rhn.redhat.com/errata/RHSA-2016-0176.html MISC:RHSA-2016:0225 URL:http://rhn.redhat.com/errata/RHSA-2016-0225.html MISC:RHSA-2016:0277 URL:http://rhn.redhat.com/errata/RHSA-2016-0277.html MISC:SUSE-SU-2016:0470 URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00036.html MISC:SUSE-SU-2016:0471 URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00037.html MISC:SUSE-SU-2016:0472 URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00038.html MISC:SUSE-SU-2016:0473 URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00039.html MISC:USN-2900-1 URL:http://ubuntu.com/usn/usn-2900-1 MISC:VU#457759 URL:https://www.kb.cert.org/vuls/id/457759 MISC:[libc-alpha] 20160216 [PATCH] CVE-2015-7547 --- glibc getaddrinfo() stack-based buffer overflow URL:https://sourceware.org/ml/libc-alpha/2016-02/msg00416.html MISC:http://fortiguard.com/advisory/glibc-getaddrinfo-stack-overflow URL:http://fortiguard.com/advisory/glibc-getaddrinfo-stack-overflow MISC:http://packetstormsecurity.com/files/135802/glibc-getaddrinfo-Stack-Based-Buffer-Overflow.html URL:http://packetstormsecurity.com/files/135802/glibc-getaddrinfo-Stack-Based-Buffer-Overflow.html MISC:http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html URL:http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html MISC:http://packetstormsecurity.com/files/164014/Moxa-Command-Injection-Cross-Site-Scripting-Vulnerable-Software.html URL:http://packetstormsecurity.com/files/164014/Moxa-Command-Injection-Cross-Site-Scripting-Vulnerable-Software.html MISC:http://packetstormsecurity.com/files/167552/Nexans-FTTO-GigaSwitch-Outdated-Components-Hardcoded-Backdoor.html URL:http://packetstormsecurity.com/files/167552/Nexans-FTTO-GigaSwitch-Outdated-Components-Hardcoded-Backdoor.html MISC:http://support.citrix.com/article/CTX206991 URL:http://support.citrix.com/article/CTX206991 MISC:http://www.fortiguard.com/advisory/glibc-getaddrinfo-stack-overflow URL:http://www.fortiguard.com/advisory/glibc-getaddrinfo-stack-overflow MISC:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160304-01-glibc-en URL:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160304-01-glibc-en MISC:http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html URL:http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html MISC:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html URL:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html MISC:http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html URL:http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html MISC:http://www.vmware.com/security/advisories/VMSA-2016-0002.html URL:http://www.vmware.com/security/advisories/VMSA-2016-0002.html MISC:https://access.redhat.com/articles/2161461 URL:https://access.redhat.com/articles/2161461 MISC:https://blogs.sophos.com/2016/02/24/utm-up2date-9-355-released/ URL:https://blogs.sophos.com/2016/02/24/utm-up2date-9-355-released/ MISC:https://blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/ URL:https://blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/ MISC:https://bto.bluecoat.com/security-advisory/sa114 URL:https://bto.bluecoat.com/security-advisory/sa114 MISC:https://bugzilla.redhat.com/show_bug.cgi?id=1293532 URL:https://bugzilla.redhat.com/show_bug.cgi?id=1293532 MISC:https://googleonlinesecurity.blogspot.com/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html URL:https://googleonlinesecurity.blogspot.com/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html MISC:https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05028479 URL:https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05028479 MISC:https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04989404 URL:https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04989404 MISC:https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05008367 URL:https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05008367 MISC:https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05053211 URL:https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05053211 MISC:https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05073516 URL:https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05073516 MISC:https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05098877 URL:https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05098877 MISC:https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05125672 URL:https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05125672 MISC:https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05128937 URL:https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05128937 MISC:https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05130958 URL:https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05130958 MISC:https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05140858 URL:https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05140858 MISC:https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380 URL:https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380 MISC:https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05176716 URL:https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05176716 MISC:https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05212266 URL:https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05212266 MISC:https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05376917 URL:https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05376917 MISC:https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722 URL:https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722 MISC:https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes URL:https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes MISC:https://ics-cert.us-cert.gov/advisories/ICSA-16-103-01 URL:https://ics-cert.us-cert.gov/advisories/ICSA-16-103-01 MISC:https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40161 URL:https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40161 MISC:https://kc.mcafee.com/corporate/index?page=content&id=SB10150 URL:https://kc.mcafee.com/corporate/index?page=content&id=SB10150 MISC:https://security.netapp.com/advisory/ntap-20160217-0002/ URL:https://security.netapp.com/advisory/ntap-20160217-0002/ MISC:https://sourceware.org/bugzilla/show_bug.cgi?id=18665 URL:https://sourceware.org/bugzilla/show_bug.cgi?id=18665 MISC:https://support.f5.com/kb/en-us/solutions/public/k/47/sol47098834.html URL:https://support.f5.com/kb/en-us/solutions/public/k/47/sol47098834.html MISC:https://support.lenovo.com/us/en/product_security/len_5450 URL:https://support.lenovo.com/us/en/product_security/len_5450 MISC:https://www.arista.com/en/support/advisories-notices/security-advisories/1255-security-advisory-17 URL:https://www.arista.com/en/support/advisories-notices/security-advisories/1255-security-advisory-17 MISC:https://www.tenable.com/security/research/tra-2017-08 URL:https://www.tenable.com/security/research/tra-2017-08 MISC:openSUSE-SU-2016:0510 URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00042.html MISC:openSUSE-SU-2016:0511 URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00043.html MISC:openSUSE-SU-2016:0512 URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00044.html
Assigning CNA
Red Hat, Inc.
Date Record Created
20150929	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20150929)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)

Use of the CVE™ List and the associated references from this website are subject to the terms of use. CVE is sponsored by the U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA). Copyright © 1999–2025, The MITRE Corporation. CVE is a trademark and the CVE logo is a registered trademark of The MITRE Corporation.