HIGH✓ PATCH🇬🇧 English

CVE-2015-7547

CVSS 8.1v3.0pub. 2016-02-18upd. 2026-05-06

Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module.

oryginał EN
CVSS Vector
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Canonical Ubuntu

    OS
    Canonical
    12.0414.0415.10
  • Debian

    OS
    Debian
    8.0
  • F5 Big Ip Access Policy Manager

    APP
    F5
    12.0.0
  • F5 Big Ip Advanced Firewall Manager

    APP
    F5
    12.0.0
  • F5 Big Ip Analytics

    APP
    F5
    12.0.0
  • F5 Big Ip Application Acceleration Manager

    APP
    F5
    12.0.0
  • F5 Big Ip Application Security Manager

    APP
    F5
    12.0.0
  • F5 Big Ip Domain Name System

    APP
    F5
    12.0.0
  • F5 Big Ip Link Controller

    APP
    F5
    12.0.0
  • F5 Big Ip Local Traffic Manager

    APP
    F5
    12.0.0
  • F5 Big Ip Policy Enforcement Manager

    APP
    F5
    12.0.0
  • Gnu Glibc

    APP
    Gnu
    2.102.10.12.112.11.12.11.22.11.32.122.12.12.12.22.132.142.14.12.152.162.17+ 6 więcej
  • HP Helion Openstack

    APP
    Hp
    1.1.12.0.02.1.0
  • HP Server Migration Pack

    APP
    Hp
    7.5
  • Opensuse

    OS
    Opensuse
    13.2
  • Oracle Exalogic Infrastructure

    APP
    Oracle
    1.02.0
  • Oracle Fujitsu M10 Firmware

    OS
    Oracle
    ≤ 2290
  • Red Hat Enterprise Linux Desktop

    OS
    Redhat
    7.0
  • Red Hat Enterprise Linux Hpc Node

    OS
    Redhat
    7.0
  • Red Hat Enterprise Linux Hpc Node Eus

    OS
    Redhat
    7.2
  • Red Hat Enterprise Linux Server

    OS
    Redhat
    7.0
  • Red Hat Enterprise Linux Server Aus

    OS
    Redhat
    7.2
  • Red Hat Enterprise Linux Server Eus

    OS
    Redhat
    7.2
  • Red Hat Enterprise Linux Workstation

    OS
    Redhat
    7.0
  • Sophos Unified Threat Management Software

    APP
    Sophos
    9.3199.355
  • SUSE Linux Enterprise Debuginfo

    APP
    Suse
    11.0
  • SUSE Linux Enterprise Desktop

    OS
    Suse
    11.012
  • SUSE Linux Enterprise Server

    OS
    Suse
    11.012
  • SUSE Linux Enterprise Software Development Kit

    OS
    Suse
    11.012
  • SUSE Linux Enterprise Server

    OS
    Suse
    12
🟢
PATCH DOSTĘPNY
Aktualizacja od producenta gotowa. Wdrożenie w ramach standardowego cyklu.
Tagi
RCEDoSMemory
CWE
Referencje

Powiązane podatności

CVE-2026-24061CRITICAL9.8⚠ KEVPL ✓ten sam produkt

GNU Inetutils telnetd: ominięcie uwierzytelnienia przez zmienną USER

CVE-2025-53521CRITICAL9.3⚠ KEVPL ✓ten sam produkt

RCE w F5 BIG-IP APM poprzez złośliwy ruch sieciowy (stack buffer overflow)

CVE-2025-32463CRITICAL9.3⚠ KEVPL ✓ten sam produkt

Sudo: eskalacja uprawnień do root poprzez opcję --chroot (CVE-2025-32463)

CVE-2025-49113CRITICAL9.9⚠ KEVPL ✓ten sam produkt

RCE przez deserializację PHP w Roundcube Webmail (parametr _from)

CVE-2025-32433CRITICAL10.0⚠ KEVPL ✓ten sam produkt

Erlang/OTP SSH — nieuwierzytelniony RCE (CVSS 10.0)