Main
Vulnerability Database
Exploits
ID:2438 - Exploit for Stack-based buffer overflow in Glibc - CVE-2015-7547
ID:2438 - Exploit for Stack-based buffer overflow in Glibc - CVE-2015-7547
Published: April 7, 2020
Vulnerability identifier: #VU2544
Vulnerability risk: High
CVE-ID: CVE-2015-7547
CWE-ID: CWE-121
Exploitation vector: Remote access
Vulnerable software:
Glibc
Glibc
Link to public exploit:
Vulnerability description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to stack-based buffer overflow in in the (1) send_dg and (2) send_vc functions in the libresolv library. A remote attacker can use a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module, cause memory corruption and execute arbitrary code.
Successful exploitation of the vulnerability may result in system compromise.
The weakness exists due to stack-based buffer overflow in in the (1) send_dg and (2) send_vc functions in the libresolv library. A remote attacker can use a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module, cause memory corruption and execute arbitrary code.
Successful exploitation of the vulnerability may result in system compromise.
Remediation
Update to version 2.23.