CVE-2015-0235

critical
Published 2015-01-28 · Modified 2026-05-06
CVSS v3
CVSS v2
10.0
VIR risk
10.0

Description

Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 function, aka "GHOST."

Predictions

Exploit likelihood: 20%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2015-0235

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html

OS impact

| OS | Version | Status | Fixed in |
|---|---|---|---|
| debian | bookworm | fixed | 2.18-1 |
| debian | bullseye | fixed | 2.18-1 |
| debian | forky | fixed | 2.18-1 |
| debian | sid | fixed | 2.18-1 |
| debian | trixie | fixed | 2.18-1 |
| debian | 7.0 | affected | |
| debian | 8.0 | affected | |
| macos | | affected | 10.11.1 |

Application impact

| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| gnu | glibc | >= 2.0, < 2.18 | 2.18 |
| oracle | communications_application_session_controller | < 3.7.1 | 3.7.1 |
| oracle | communications_eagle_application_processor | 16.0 | |
| oracle | communications_eagle_lnp_application_processor | 10.0 | |
| oracle | communications_lsms | 13.1 | |
| oracle | communications_policy_management | 9.7.3 | |
| oracle | communications_policy_management | 9.9.1 | |
| oracle | communications_policy_management | 10.4.1 | |
| oracle | communications_policy_management | 11.5 | |
| oracle | communications_policy_management | 12.1.1 | |
| oracle | communications_session_border_controller | < 7.2.0 | 7.2.0 |
| oracle | communications_session_border_controller | 7.2.0 | |
| oracle | communications_session_border_controller | 8.0.0 | |
| oracle | communications_user_data_repository | >= 10.0.0, <= 10.0.1 | |
| oracle | communications_webrtc_session_controller | 7.0 | |
| oracle | communications_webrtc_session_controller | 7.1 | |
| oracle | communications_webrtc_session_controller | 7.2 | |
| oracle | exalogic_infrastructure | 1.0 | |
| oracle | exalogic_infrastructure | 2.0 | |
| oracle | vm_virtualbox | < 5.1.24 | 5.1.24 |
| redhat | virtualization | 6.0 | |
| ibm | pureapplication_system | 1.0.0.0 | |
| ibm | pureapplication_system | 1.1.0.0 | |
| ibm | pureapplication_system | 2.0.0.0 | |
| ibm | security_access_manager_for_enterprise_single_sign-on | 8.2 | |
| php | php | >= 5.4.0, < 5.4.38 | 5.4.38 |

References

CWEs

CWE-787
