Attacker Value
Unknown
CVE-2015-7547
CVE-2015-7547
(Last updated October 05, 2023) ▾
MITRE ATT&CK
Log in to add MITRE ATT&CK tag
Add MITRE ATT&CK tactics and techniques that apply to this CVE.
Description
Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing “dual A/AAAA DNS queries” and the libnss_dns.so.2 NSS module.
Add Assessment
No one has assessed this topic. Be the first to add your voice to the community.
CVSS V3 Severity and Metrics
Data provided by the National Vulnerability Database (NVD)
Base Score:
8.1 High
Impact Score:
5.9
Exploitability Score:
2.2
Attack Vector (AV):
Network
Attack Complexity (AC):
High
Privileges Required (PR):
None
User Interaction (UI):
None
Scope (S):
Unchanged
Confidentiality (C):
High
Integrity (I):
High
Availability (A):
High
General Information
Vendors
- canonical,
- debian,
- f5,
- gnu,
- hp,
- opensuse,
- oracle,
- redhat,
- sophos,
- suse
Products
- big-ip access policy manager 12.0.0,
- big-ip advanced firewall manager 12.0.0,
- big-ip analytics 12.0.0,
- big-ip application acceleration manager 12.0.0,
- big-ip application security manager 12.0.0,
- big-ip domain name system 12.0.0,
- big-ip link controller 12.0.0,
- big-ip local traffic manager 12.0.0,
- big-ip policy enforcement manager 12.0.0,
- debian linux 8.0,
- enterprise linux desktop 7.0,
- enterprise linux hpc node 7.0,
- enterprise linux hpc node eus 7.2,
- enterprise linux server 7.0,
- enterprise linux server aus 7.2,
- enterprise linux server eus 7.2,
- enterprise linux workstation 7.0,
- exalogic infrastructure 1.0,
- exalogic infrastructure 2.0,
- fujitsu m10 firmware,
- glibc 2.10,
- glibc 2.10.1,
- glibc 2.11,
- glibc 2.11.1,
- glibc 2.11.2,
- glibc 2.11.3,
- glibc 2.12,
- glibc 2.12.1,
- glibc 2.12.2,
- glibc 2.13,
- glibc 2.14,
- glibc 2.14.1,
- glibc 2.15,
- glibc 2.16,
- glibc 2.17,
- glibc 2.18,
- glibc 2.19,
- glibc 2.20,
- glibc 2.21,
- glibc 2.22,
- glibc 2.9,
- helion openstack 1.1.1,
- helion openstack 2.0.0,
- helion openstack 2.1.0,
- linux enterprise debuginfo 11.0,
- linux enterprise desktop 11.0,
- linux enterprise desktop 12,
- linux enterprise server 11.0,
- linux enterprise server 12,
- linux enterprise software development kit 11.0,
- linux enterprise software development kit 12,
- opensuse 13.2,
- server migration pack 7.5,
- suse linux enterprise server 12,
- ubuntu linux 12.04,
- ubuntu linux 14.04,
- ubuntu linux 15.10,
- unified threat management software 9.319,
- unified threat management software 9.355
References
Advisory
Miscellaneous
