CVE-2015-7547
Description
Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing dual A/AAAA DNS queries and the libnss_dns.so.2 NSS module.
Risk Information
| Metric | Value |
|---|---|
| Base Score | 8.1 (MODERATE) |
| Vector | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
| EPSS Score (Exploitation Probability) | 93.872 |
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Update for Google Chrome (48.0.2564.116) | Windows |
| Update for Google Chrome x64 (48.0.2564.116) | Windows |
| GNU C Library (USN-2900-1) libc6_2.19-0ubuntu6.7_i386.deb | Linux |
| GNU C Library (USN-2900-1) libc6_2.19-0ubuntu6.7_amd64.deb | Linux |
| GNU C Library (USN-2900-1) libc6_2.21-0ubuntu4.1_i386.deb | Linux |
| GNU C Library (USN-2900-1) libc6_2.21-0ubuntu4.1_amd64.deb | Linux |
| GNU C Library (USN-2900-1) libc6_2.15-0ubuntu10.13_i386.deb | Linux |
| GNU C Library (USN-2900-1) libc6_2.15-0ubuntu10.13_amd64.deb | Linux |
| SUSE-SU-2016:0472-1(SUSE Linux Enterprise Desktop 11-SP3 ) glibc-2.11.3-17.95.2.x86_64.rpm | Linux |
| SUSE-SU-2016:0472-1(SUSE Linux Enterprise Desktop 11-SP3 ) glibc-32bit-2.11.3-17.95.2.x86_64.rpm | Linux |
| SUSE-SU-2016:0472-1(SUSE Linux Enterprise Desktop 11-SP3 ) glibc-devel-2.11.3-17.95.2.x86_64.rpm | Linux |
| SUSE-SU-2016:0472-1(SUSE Linux Enterprise Desktop 11-SP3 ) glibc-devel-32bit-2.11.3-17.95.2.x86_64.rpm | Linux |
| SUSE-SU-2016:0472-1(SUSE Linux Enterprise Server 11-SP3 ) glibc-html-2.11.3-17.95.2.x86_64.rpm | Linux |
| SUSE-SU-2016:0472-1(SUSE Linux Enterprise Desktop 11-SP3 ) glibc-i18ndata-2.11.3-17.95.2.x86_64.rpm | Linux |
| SUSE-SU-2016:0472-1(SUSE Linux Enterprise Server 11-SP3 ) glibc-info-2.11.3-17.95.2.x86_64.rpm | Linux |
| SUSE-SU-2016:0472-1(SUSE Linux Enterprise Desktop 11-SP3 ) glibc-locale-2.11.3-17.95.2.x86_64.rpm | Linux |
| SUSE-SU-2016:0472-1(SUSE Linux Enterprise Desktop 11-SP3 ) glibc-locale-32bit-2.11.3-17.95.2.x86_64.rpm | Linux |
| SUSE-SU-2016:0472-1(SUSE Linux Enterprise Server 11-SP3 ) glibc-profile-2.11.3-17.95.2.x86_64.rpm | Linux |
| SUSE-SU-2016:0472-1(SUSE Linux Enterprise Server 11-SP3 ) glibc-profile-32bit-2.11.3-17.95.2.x86_64.rpm | Linux |
| SUSE-SU-2016:0472-1(SUSE Linux Enterprise Desktop 11-SP3 ) nscd-2.11.3-17.95.2.x86_64.rpm | Linux |
| Update for Google Chrome (48.0.2564.116) (For Ubuntu) | Linux |
| Update for Google Chrome (48.0.2564.116) (For Debian) | Linux |
| Update for Google Chrome (48.0.2564.116) (For Centos) | Linux |
| Update for Google Chrome (48.0.2564.116) (For RedHat) | Linux |
| Update for Google Chrome (48.0.2564.116) (For Suse) | Linux |
| Vulnerability in GNU glibc Affecting Cisco Products: February 2016 For Cisco Digital Content Manager (DCM) Software | NCM |
| Vulnerability in GNU glibc Affecting Cisco Products: February 2016 For Cisco Emergency Responder | NCM |
| Vulnerability in GNU glibc Affecting Cisco Products: February 2016 For Cisco Finesse | NCM |
| Vulnerability in GNU glibc Affecting Cisco Products: February 2016 For Cisco Intercloud Fabric | NCM |
| Vulnerability in GNU glibc Affecting Cisco Products: February 2016 For Cisco Jabber Guest | NCM |
| Vulnerability in GNU glibc Affecting Cisco Products: February 2016 For Cisco MediaSense | NCM |
| Vulnerability in GNU glibc Affecting Cisco Products: February 2016 For Cisco Mobility Services Engine | NCM |
| Vulnerability in GNU glibc Affecting Cisco Products: February 2016 For Cisco Paging Server | NCM |
| Vulnerability in GNU glibc Affecting Cisco Products: February 2016 For Cisco Prime Network Registrar | NCM |
| Vulnerability in GNU glibc Affecting Cisco Products: February 2016 For Cisco Prime Optical | NCM |
| Vulnerability in GNU glibc Affecting Cisco Products: February 2016 For Cisco Prime Service Catalog | NCM |
| Vulnerability in GNU glibc Affecting Cisco Products: February 2016 For Cisco SocialMiner | NCM |
| Vulnerability in GNU glibc Affecting Cisco Products: February 2016 For Cisco Telepresence Conductor | NCM |
| Vulnerability in GNU glibc Affecting Cisco Products: February 2016 For Cisco UCS Director | NCM |
| Vulnerability in GNU glibc Affecting Cisco Products: February 2016 For Cisco Unified Intelligence Center | NCM |
| Vulnerability in GNU glibc Affecting Cisco Products: February 2016 For Cisco Unity Connection | NCM |
| Vulnerability in GNU glibc Affecting Cisco Products: February 2016 For Cisco Videoscape Distribution Suite Service Manager | NCM |
| Vulnerabilities CVE-2015-7547 are affected in helion_openstack 2.1.0 | NCM |
| Vulnerabilities CVE-2015-7547 are affected in server_migration_pack 7.5 | NCM |
| Vulnerability in GNU glibc Affecting Cisco Products: February 2016 For Cisco Firepower Management Center Virtual Appliance | NCM |
| Vulnerability in GNU glibc Affecting Cisco Products: February 2016 For Cisco Identity Services Engine | NCM |
| Vulnerability in GNU glibc Affecting Cisco Products: February 2016 For Cisco Unified Communications Licensing | NCM |
| Vulnerability in GNU glibc Affecting Cisco Products: February 2016 For Cisco TelePresence Server | NCM |
| Vulnerability in GNU glibc Affecting Cisco Products: February 2016 For Cisco TelePresence Video Communication Server Software | NCM |
| Vulnerability in GNU glibc Affecting Cisco Products: February 2016 For Cisco Videoscape Distribution Suite for Internet Streaming | NCM |
| Vulnerability in GNU glibc Affecting Cisco Products: February 2016 For Cisco 1000 Series Connected Grid Routers | NCM |
| Vulnerability in GNU glibc Affecting Cisco Products: February 2016 For Network Level Service | NCM |
| Vulnerability in GNU glibc Affecting Cisco Products: February 2016 For Cisco Hosted Collaboration Solution (HCS) | NCM |
| Vulnerability in GNU glibc Affecting Cisco Products: February 2016 For Cisco ASR 5000 Series | NCM |
| Vulnerability in GNU glibc Affecting Cisco Products: February 2016 For Cisco Data Center Network Manager | NCM |
| Vulnerability in GNU glibc Affecting Cisco Products: February 2016 For Cisco Application Policy Infrastructure Controller (APIC) | NCM |
| Vulnerability in GNU glibc Affecting Cisco Products: February 2016 For Cisco Network Registrar | NCM |
| Vulnerability in GNU glibc Affecting Cisco Products: February 2016 For Cisco Virtual Wireless Controller | NCM |
| Vulnerability in GNU glibc Affecting Cisco Products: February 2016 For Cisco Videoscape Distribution Suite Transparent Caching | NCM |
| Vulnerability in GNU glibc Affecting Cisco Products: February 2016 For | NCM |
| Vulnerability in GNU glibc Affecting Cisco Products: February 2016 For Cisco Unified Communications Manager (CallManager) | NCM |
| Vulnerability in GNU glibc Affecting Cisco Products: February 2016 For Cisco IP Phone 7800 Series | NCM |
| Vulnerability in GNU glibc Affecting Cisco Products: February 2016 For CiscoPro Workgroup EtherSwitch Software | NCM |
| Vulnerability in GNU glibc Affecting Cisco Products: February 2016 For Cisco Collaboration Meeting Rooms (CMR) | NCM |
| Vulnerability in GNU glibc Affecting Cisco Products: February 2016 For Cisco Video Surveillance Manager | NCM |
| Vulnerability in GNU glibc Affecting Cisco Products: February 2016 For Cisco IP Phone 8800 Series | NCM |
| Vulnerability in GNU glibc Affecting Cisco Products: February 2016 For Cisco Policy Suite for Mobile | NCM |
| Vulnerability in GNU glibc Affecting Cisco Products: February 2016 For Cisco Unified Contact Center Enterprise | NCM |
| Vulnerabilities CVE-2015-7547 are affected in unified_threat_management_software 9.319 | NCM |
| Vulnerabilities CVE-2015-7547 are affected in unified_threat_management_software 9.355 | NCM |
| Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2015-7547) | NCM |
Patch Details
| Patch ID | Patch Description |
|---|---|
| PATCH-303196 | Update for Google Chrome (48.0.2564.116) |
| PATCH-303222 | Update for Google Chrome x64 (48.0.2564.116) |
| PATCH-1706007 | Security Update for Cisco Digital Content Manager (DCM) Software 20.0.0 |
| PATCH-1706049 | Security Update for Cisco Emergency Responder 12.0(0.98000.50) |
| PATCH-1705887 | Security Update for Cisco Finesse 11.5(0.98000.126) |
| PATCH-1705855 | Security Update for Cisco Intercloud Fabric 3.3(1) |
| PATCH-1705783 | Security Update for Cisco Jabber Guest 10.6(11) |
| PATCH-1705879 | Security Update for Cisco MediaSense 11.5(1.10000.6) |
| PATCH-1705808 | Security Update for Cisco Mobility Services Engine 8.0(130.12) |
| PATCH-1706011 | Security Update for Cisco Paging Server 12.0(1) |
| PATCH-1705773 | Security Update for Cisco Prime Network Registrar 8.3 |
| PATCH-1706040 | Security Update for Cisco Prime Optical 10.6(1) |
| PATCH-1706010 | Security Update for Cisco Prime Service Catalog 11.1_VA_OS_Patch |
| PATCH-1704708 | Security Update for Cisco SocialMiner 12.0(0.99000.293) |
| PATCH-1705862 | Security Update for Cisco TelePresence Conductor XC4.3 |
| PATCH-1705947 | Security Update for Cisco UCS Director 6.0(1.0) |
| PATCH-1705886 | Security Update for Cisco Unified Intelligence Center 11.5(0.98000.126) |
| PATCH-1706048 | Security Update for Cisco Unity Connection 12.0(0.97000.184) |
| PATCH-1703166 | Security Update for Cisco Videoscape Distribution Suite Service Manager 2.8.1.17 |
| PATCH-1705938 | Security Update for Cisco Firepower Management Center Virtual Appliance 6.1.0.1 |
| PATCH-1706002 | Security Update for Cisco Identity Services Engine 2.0(0.905) |
| PATCH-1706042 | Security Update for Cisco Unified Communications Licensing 11.5(1.12001.2) |
| PATCH-1705960 | Security Update for Cisco TelePresence Server 4.4(1.16) |
| PATCH-1706044 | Security Update for Cisco TelePresence Video Communication Server Software X8.9.2 |
| PATCH-1705993 | Security Update for Cisco Videoscape Distribution Suite for Internet Streaming 3.11(6.2) |
| PATCH-1705873 | Security Update for Cisco 1000 Series Connected Grid Routers 15.6(3.0q)M |
| PATCH-1705206 | Security Update for Network Level Service 4.6.1(22) |
| PATCH-1706050 | Security Update for Cisco Hosted Collaboration Solution (HCS) 11.5(1.93540.24) |
| PATCH-1706032 | Security Update for Cisco ASR 5000 Series 21.3.A0.66703 |
| PATCH-1706034 | Security Update for Cisco Data Center Network Manager 10.1(1.158)S0 |
| PATCH-1706006 | Security Update for Cisco Application Policy Infrastructure Controller (APIC) 1.3(2k) |
| PATCH-1706038 | Security Update for Cisco Network Registrar 9.1 |
| PATCH-1705937 | Security Update for Cisco Virtual Wireless Controller 8.3(15.155) |
| PATCH-1706026 | Security Update for CAF-1.2.0.0 |
| PATCH-1706016 | Security Update for Cisco Unified Communications Manager (CallManager) CUP.11.5(1.12900.25) |
| PATCH-1705975 | Security Update for Cisco IP Phone 7800 Series 11.7(1) |
| PATCH-1706035 | Security Update for CiscoPro Workgroup EtherSwitch Software 6.0(2)A8(4) |
| PATCH-1706045 | Security Update for Cisco Video Surveillance Manager 7.10 |
| PATCH-1705974 | Security Update for Cisco IP Phone 8800 Series 11.7(1)SC2 |
| PATCH-1705812 | Security Update for Cisco Policy Suite for Mobile 8.1.0 |
| PATCH-1705943 | Security Update for Cisco Unified Contact Center Enterprise 11.6(1)SR0(0) |