Stack-based Buffer Overflow Affecting glibc package, versions <0:2.17-106.el7_2.4
- Snyk ID SNYK-CENTOS7-GLIBC-2061609
- published 26 Jul 2021
- disclosed 16 Feb 2016
Introduced: 16 Feb 2016
CVE-2015-7547
How to fix?
Upgrade Centos:7 glibc to version 0:2.17-106.el7_2.4 or higher.
NVD Description
Note: Versions mentioned in the description apply only to the upstream glibc package and not the glibc package as distributed by Centos. See How to fix? for Centos:7 relevant fixed versions and status.
Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module.