Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module.
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HCanonical Ubuntu
OSCanonical12.0414.0415.10Debian
OSDebian8.0F5 Big Ip Access Policy Manager
APPF512.0.0F5 Big Ip Advanced Firewall Manager
APPF512.0.0F5 Big Ip Analytics
APPF512.0.0F5 Big Ip Application Acceleration Manager
APPF512.0.0F5 Big Ip Application Security Manager
APPF512.0.0F5 Big Ip Domain Name System
APPF512.0.0F5 Big Ip Link Controller
APPF512.0.0F5 Big Ip Local Traffic Manager
APPF512.0.0F5 Big Ip Policy Enforcement Manager
APPF512.0.0Gnu Glibc
APPGnu2.102.10.12.112.11.12.11.22.11.32.122.12.12.12.22.132.142.14.12.152.162.17+ 6 więcejHP Helion Openstack
APPHp1.1.12.0.02.1.0HP Server Migration Pack
APPHp7.5Opensuse
OSOpensuse13.2Oracle Exalogic Infrastructure
APPOracle1.02.0Oracle Fujitsu M10 Firmware
OSOracle≤ 2290Red Hat Enterprise Linux Desktop
OSRedhat7.0Red Hat Enterprise Linux Hpc Node
OSRedhat7.0Red Hat Enterprise Linux Hpc Node Eus
OSRedhat7.2Red Hat Enterprise Linux Server
OSRedhat7.0Red Hat Enterprise Linux Server Aus
OSRedhat7.2Red Hat Enterprise Linux Server Eus
OSRedhat7.2Red Hat Enterprise Linux Workstation
OSRedhat7.0Sophos Unified Threat Management Software
APPSophos9.3199.355SUSE Linux Enterprise Debuginfo
APPSuse11.0SUSE Linux Enterprise Desktop
OSSuse11.012SUSE Linux Enterprise Server
OSSuse11.012SUSE Linux Enterprise Software Development Kit
OSSuse11.012SUSE Linux Enterprise Server
OSSuse12
Related vulnerabilities
GNU Inetutils telnetd: ominięcie uwierzytelnienia przez zmienną USER
RCE w F5 BIG-IP APM poprzez złośliwy ruch sieciowy (stack buffer overflow)
Sudo: eskalacja uprawnień do root poprzez opcję --chroot (CVE-2025-32463)
RCE przez deserializację PHP w Roundcube Webmail (parametr _from)
Erlang/OTP SSH — nieuwierzytelniony RCE (CVSS 10.0)