A heap-based buffer overflow was found in glibc's __nss_hostname_digits_dots() function, which is used by the gethostbyname() and gethostbyname2() glibc function calls. A remote attacker able to make an application call either of these functions could use this flaw to execute arbitrary code with the permissions of the user running the application.
Find out more about CVE-2015-0235 from the MITRE CVE dictionary dictionary and NIST NVD.
| Base Score | 6.8 |
|---|---|
| Base Metrics | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| Access Vector | Network |
| Access Complexity | Medium |
| Authentication | None |
| Confidentiality Impact | Partial |
| Integrity Impact | Partial |
| Availability Impact | Partial |
Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).
| Platform | Errata | Release Date |
|---|---|---|
| Red Hat Enterprise Linux Advanced Update Support 6.2 (glibc) | RHSA-2015:0099 | 2015-01-28 |
| Red Hat Enterprise Linux 5 (glibc) | RHSA-2015:0090 | 2015-01-27 |
| Red Hat Enterprise Linux EUS (v. 5.9 server) (glibc) | RHSA-2015:0099 | 2015-01-28 |
| Red Hat Enterprise Linux Extended Lifecycle Support 4 (glibc) | RHSA-2015:0101 | 2015-01-28 |
| RHEV Hypervisor for RHEL-6 (rhev-hypervisor6) | RHSA-2015:0126 | 2015-02-04 |
| Red Hat Enterprise Linux 7 (glibc) | RHSA-2015:0092 | 2015-01-27 |
| Red Hat Enterprise Linux Extended Update Support 6.5 (glibc) | RHSA-2015:0099 | 2015-01-28 |
| Red Hat Enterprise Linux Long Life (v. 5.6 server) (glibc) | RHSA-2015:0099 | 2015-01-28 |
| Red Hat Enterprise Linux Extended Update Support 6.4 (glibc) | RHSA-2015:0099 | 2015-01-28 |
| Red Hat Enterprise Linux 6 (glibc) | RHSA-2015:0092 | 2015-01-27 |
Vulmon