{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-04-21T00:00:00", "descriptions": [{"lang": "en", "value": "Buffer overflow in the gethostbyname_r and other unspecified NSS functions in the GNU C Library (aka glibc or libc6) before 2.22 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response, which triggers a call with a misaligned buffer."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-12-02T20:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "SUSE-SU-2015:1424", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00019.html"}, {"name": "[libc-alpha] 20150814 The GNU C Library version 2.22 is now available", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://www.sourceware.org/ml/libc-alpha/2015-08/msg00609.html"}, {"name": "SUSE-SU-2016:0470", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00036.html"}, {"name": "USN-2985-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2985-2"}, {"name": "GLSA-201602-02", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201602-02"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://sourceware.org/git/?p=glibc.git%3Ba=commit%3Bh=2959eda9272a03386"}, {"name": "FEDORA-2016-0480defc94", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177404.html"}, {"name": "RHSA-2015:0863", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://rhn.redhat.com/errata/RHSA-2015-0863.html"}, {"name": "DSA-3480", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2016/dsa-3480"}, {"name": "USN-2985-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2985-1"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=18287"}, {"name": "1032178", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1032178"}, {"name": "74255", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/74255"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T04:54:15.984Z"}, "title": "CVE Program Container", "references": [{"name": "SUSE-SU-2015:1424", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00019.html"}, {"name": "[libc-alpha] 20150814 The GNU C Library version 2.22 is now available", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://www.sourceware.org/ml/libc-alpha/2015-08/msg00609.html"}, {"name": "SUSE-SU-2016:0470", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00036.html"}, {"name": "USN-2985-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2985-2"}, {"name": "GLSA-201602-02", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/201602-02"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://sourceware.org/git/?p=glibc.git%3Ba=commit%3Bh=2959eda9272a03386"}, {"name": "FEDORA-2016-0480defc94", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177404.html"}, {"name": "RHSA-2015:0863", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://rhn.redhat.com/errata/RHSA-2015-0863.html"}, {"name": "DSA-3480", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2016/dsa-3480"}, {"name": "USN-2985-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2985-1"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=18287"}, {"name": "1032178", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1032178"}, {"name": "74255", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/74255"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2015-1781", "datePublished": "2015-09-28T20:00:00", "dateReserved": "2015-02-17T00:00:00", "dateUpdated": "2024-08-06T04:54:15.984Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp3:*:*:*:*:*:*", "matchCriteriaId": "58D3B6FD-B474-4B09-B644-A8634A629280", "vulnerable": true}, {"criteria": "cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp4:*:*:*:*:*:*", "matchCriteriaId": "F892F1B0-514C-42F7-90AE-12ACDFDC1033", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:11:sp3:*:*:*:*:*:*", "matchCriteriaId": "3ED68ADD-BBDA-4485-BC76-58F011D72311", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:11:sp4:*:*:*:*:*:*", "matchCriteriaId": "17D4B6F2-514D-4BC2-B2C5-4E2FCCAC594C", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:*:*:*", "matchCriteriaId": "8B072472-B463-4647-885D-E40B0115C810", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:vmware:*:*", "matchCriteriaId": "2470C6E8-2024-4CF5-9982-CFF50E88EAE9", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp4:*:*:*:*:*:*", "matchCriteriaId": "55C5561F-BE86-4EEA-99D4-8697F8BD9DFE", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*", "matchCriteriaId": "57CAD5CA-C7C1-4567-8E5B-FCA4DA4D516D", "versionEndIncluding": "2.21", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*", "matchCriteriaId": "F38D3B7E-8429-473F-BB31-FC3583EE5A5B", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Buffer overflow in the gethostbyname_r and other unspecified NSS functions in the GNU C Library (aka glibc or libc6) before 2.22 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response, which triggers a call with a misaligned buffer."}, {"lang": "es", "value": "Desbordamiento de buffer en gethostbyname_r y otras funciones NSS no especificadas en la librer\u00eda C de GNU (tambi\u00e9n conocida como glibc o libc6) en versiones anteriores a 2.22, permite a atacantes dependientes del contexto provocar una denegaci\u00f3n de servicio (ca\u00edda) o ejecutar c\u00f3digo arbitrario a trav\u00e9s de una respuesta DNS manipulada, lo que desencadena una llamada con un buffer incorrectamente alineado."}], "id": "CVE-2015-1781", "lastModified": "2023-02-13T00:46:42.317", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2015-09-28T20:59:00.093", "references": [{"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177404.html"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00019.html"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00036.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2016/dsa-3480"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/74255"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1032178"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-2985-1"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-2985-2"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://rhn.redhat.com/errata/RHSA-2015-0863.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/201602-02"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=18287"}, {"source": "secalert@redhat.com", "url": "https://sourceware.org/git/?p=glibc.git%3Ba=commit%3Bh=2959eda9272a03386"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://www.sourceware.org/ml/libc-alpha/2015-08/msg00609.html"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "This issue was discovered by Arjun Shankar (Red Hat).", "affected_release": [{"advisory": "RHSA-2015:0863", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "glibc-0:2.12-1.149.el6_6.7", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2015-04-21T00:00:00Z"}, {"advisory": "RHSA-2015:2199", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "glibc-0:2.17-105.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2015-11-19T00:00:00Z"}, {"advisory": "RHSA-2015:2589", "cpe": "cpe:/o:redhat:rhel_eus:7.1", "package": "glibc-0:2.17-79.el7_1", "product_name": "Red Hat Enterprise Linux 7.1 Extended Update Support", "release_date": "2015-12-09T00:00:00Z"}], "bugzilla": {"description": "glibc: buffer overflow in gethostbyname_r() and related functions with misaligned buffer", "id": "1199525", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1199525"}, "csaw": false, "cvss": {"cvss_base_score": "5.1", "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "status": "verified"}, "cwe": "CWE-131->CWE-119", "details": ["Buffer overflow in the gethostbyname_r and other unspecified NSS functions in the GNU C Library (aka glibc or libc6) before 2.22 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response, which triggers a call with a misaligned buffer.", "A buffer overflow flaw was found in the way glibc's gethostbyname_r() and other related functions computed the size of a buffer when passed a misaligned buffer as input. An attacker able to make an application call any of these functions with a misaligned buffer could use this flaw to crash the application or, potentially, execute arbitrary code with the permissions of the user running the application."], "name": "CVE-2015-1781", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "glibc", "product_name": "Red Hat Enterprise Linux 5"}], "public_date": "2015-04-21T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2015-1781\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-1781"], "statement": "Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.", "threat_severity": "Moderate"}