CVE-2015-7547

high

CVSS v3 Base Score

8.1

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score

94.0%

Exploitation probability in 30 days

Top 0% most likely to be exploited

Attack Characteristics

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

None

Confidentiality

High

Integrity

High

Availability

High

Published: February 18, 2016 (3737 days ago)

Last Modified: May 6, 2026

Vendor: F5

Source: NVD

Description

Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module.

CWE

CWE-119

Affected Products

debian debian linuxcanonical ubuntu linuxhp helion openstackhp server migration packsophos unified threat management softwaresuse linux enterprise debuginfoopensuse opensusesuse linux enterprise desktopsuse linux enterprise serversuse linux enterprise software development kit

References

🔗 fortiguard.com 🔗 lists.fedoraproject.org 🔗 lists.fedoraproject.org 🔗 lists.opensuse.org 🔗 lists.opensuse.org

CVE-2015-7547

Vulnerability Report

Description

CWE

Affected Products

References