CVE-2015-7547: CVE-2015-7547

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2015-7547

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

GNU C Library 缓冲区错误漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

GNU C Library（glibc，libc6）是一种按照LGPL许可协议发布的开源免费的C语言编译程序。 GNU C Library 2.23之前版本存在缓冲区错误漏洞。攻击者利用该漏洞导致系统拒绝服务（崩溃）或通过特制的DNS响应触发任意代码。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	n/a	n/a	-

II. Public POCs for CVE-2015-7547

#	POC Description	Source Link	Shenlong Link
1	Proof of concept for CVE-2015-7547	https://github.com/fjserna/CVE-2015-7547	POC Details
2	test script for CVE-2015-7547	https://github.com/cakuzo/CVE-2015-7547	POC Details
3	None	https://github.com/t0r0t0r0/CVE-2015-7547	POC Details
4	glibc check and update in light of CVE-2015-7547	https://github.com/rexifiles/rex-sec-glibc	POC Details
5	glibc getaddrinfo stack-based buffer overflow	https://github.com/babykillerblack/CVE-2015-7547	POC Details
6	PoC exploit server for CVE-2015-7547	https://github.com/jgajek/cve-2015-7547	POC Details
7	PoC attack server for CVE-2015-7547 buffer overflow vulnerability in glibc DNS stub resolver (public version)	https://github.com/eSentire/cve-2015-7547-public	POC Details
8	None	https://github.com/bluebluelan/CVE-2015-7547-proj-master	POC Details
9	loudong	https://github.com/miracle03/CVE-2015-7547-master	POC Details
10	CVE-2015-7547 initial research.	https://github.com/Stick-U235/CVE-2015-7547-Research	POC Details
11	Glibc-Vulnerability-Exploit-CVE-2015-7547	https://github.com/Amilaperera12/Glibc-Vulnerability-Exploit-CVE-2015-7547	POC Details

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2015-7547

Please Login to view more intelligence information

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05212266x_refsource_CONFIRM
https://blogs.sophos.com/2016/02/24/utm-up2date-9-355-released/x_refsource_CONFIRM
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05130958x_refsource_CONFIRM
https://kc.mcafee.com/corporate/index?page=content&id=SB10150x_refsource_CONFIRM
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05008367x_refsource_CONFIRM
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40161x_refsource_CONFIRM
https://sourceware.org/bugzilla/show_bug.cgi?id=18665x_refsource_CONFIRM
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05140858x_refsource_CONFIRM
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05128937x_refsource_CONFIRM
http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.htmlx_refsource_MISC
https://www.arista.com/en/support/advisories-notices/security-advisories/1255-security-advisory-17x_refsource_MISC
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380x_refsource_CONFIRM
http://fortiguard.com/advisory/glibc-getaddrinfo-stack-overflowx_refsource_CONFIRM
https://ics-cert.us-cert.gov/advisories/ICSA-16-103-01x_refsource_MISC
https://blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/x_refsource_CONFIRM
https://support.lenovo.com/us/en/product_security/len_5450x_refsource_CONFIRM
https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05028479x_refsource_CONFIRM
http://packetstormsecurity.com/files/135802/glibc-getaddrinfo-Stack-Based-Buffer-Overflow.htmlx_refsource_MISC
http://packetstormsecurity.com/files/167552/Nexans-FTTO-GigaSwitch-Outdated-Components-Hardcoded-Backdoor.htmlx_refsource_MISC
http://www.vmware.com/security/advisories/VMSA-2016-0002.htmlx_refsource_CONFIRM
https://bugzilla.redhat.com/show_bug.cgi?id=1293532x_refsource_CONFIRM
https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixesx_refsource_CONFIRM
http://www.fortiguard.com/advisory/glibc-getaddrinfo-stack-overflowx_refsource_CONFIRM
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05073516x_refsource_CONFIRM
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722x_refsource_CONFIRM
http://support.citrix.com/article/CTX206991x_refsource_CONFIRM
https://googleonlinesecurity.blogspot.com/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.htmlx_refsource_MISC
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.htmlx_refsource_CONFIRM
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05098877x_refsource_CONFIRM
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05376917x_refsource_CONFIRM
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05125672x_refsource_CONFIRM
https://access.redhat.com/articles/2161461x_refsource_CONFIRM
http://packetstormsecurity.com/files/164014/Moxa-Command-Injection-Cross-Site-Scripting-Vulnerable-Software.htmlx_refsource_MISC
https://bto.bluecoat.com/security-advisory/sa114x_refsource_CONFIRM
https://www.tenable.com/security/research/tra-2017-08x_refsource_MISC
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160304-01-glibc-enx_refsource_CONFIRM
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04989404x_refsource_CONFIRM
http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.htmlx_refsource_CONFIRM
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.htmlx_refsource_CONFIRM
http://www.securityfocus.com/bid/83265vdb-entryx_refsource_BID
https://www.exploit-db.com/exploits/39454/exploitx_refsource_EXPLOIT-DB
https://www.exploit-db.com/exploits/40339/exploitx_refsource_EXPLOIT-DB
http://www.securitytracker.com/id/1035020vdb-entryx_refsource_SECTRACK
http://www.debian.org/security/2016/dsa-3481vendor-advisoryx_refsource_DEBIAN
http://www.debian.org/security/2016/dsa-3480vendor-advisoryx_refsource_DEBIAN
https://www.kb.cert.org/vuls/id/457759third-party-advisoryx_refsource_CERT-VN
http://ubuntu.com/usn/usn-2900-1vendor-advisoryx_refsource_UBUNTU
http://marc.info/?l=bugtraq&m=145690841819314&w=2vendor-advisoryx_refsource_HP
http://marc.info/?l=bugtraq&m=146161017210491&w=2vendor-advisoryx_refsource_HP
http://marc.info/?l=bugtraq&m=145672440608228&w=2vendor-advisoryx_refsource_HP
http://marc.info/?l=bugtraq&m=145596041017029&w=2vendor-advisoryx_refsource_HP
http://marc.info/?l=bugtraq&m=145857691004892&w=2vendor-advisoryx_refsource_HP
https://security.gentoo.org/glsa/201602-02vendor-advisoryx_refsource_GENTOO
http://rhn.redhat.com/errata/RHSA-2016-0175.htmlvendor-advisoryx_refsource_REDHAT
http://rhn.redhat.com/errata/RHSA-2016-0176.htmlvendor-advisoryx_refsource_REDHAT
http://rhn.redhat.com/errata/RHSA-2016-0225.htmlvendor-advisoryx_refsource_REDHAT
http://rhn.redhat.com/errata/RHSA-2016-0277.htmlvendor-advisoryx_refsource_REDHAT
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00036.htmlvendor-advisoryx_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00039.htmlvendor-advisoryx_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00038.htmlvendor-advisoryx_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00037.htmlvendor-advisoryx_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00042.htmlvendor-advisoryx_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00044.htmlvendor-advisoryx_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00043.htmlvendor-advisoryx_refsource_SUSE
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177412.htmlvendor-advisoryx_refsource_FEDORA
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177404.htmlvendor-advisoryx_refsource_FEDORA
http://seclists.org/fulldisclosure/2021/Sep/0mailing-listx_refsource_FULLDISC
https://sourceware.org/ml/libc-alpha/2016-02/msg00416.htmlmailing-listx_refsource_MLIST
http://seclists.org/fulldisclosure/2019/Sep/7mailing-listx_refsource_FULLDISC
https://seclists.org/bugtraq/2019/Sep/7mailing-listx_refsource_BUGTRAQ
http://seclists.org/fulldisclosure/2022/Jun/36mailing-listx_refsource_FULLDISC
https://nvd.nist.gov/vuln/detail/CVE-2015-7547

IV. Related Vulnerabilities

Same product: n/a

Same vendor: n/a

V. Comments for CVE-2015-7547

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

I. Basic Information for CVE-2015-7547

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2015-7547

III. Intelligence Information for CVE-2015-7547

IV. Related Vulnerabilities

V. Comments for CVE-2015-7547

Leave a comment