CVE-2015-0235

Publication date 27 January 2015

Last updated 24 July 2024

Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 function, aka "GHOST."

Status

Show unmaintained releases

Package	Ubuntu Release	Status
eglibc	14.10 utopic	Not in release
	14.04 LTS trusty	Not affected
	12.04 LTS precise	Fixed 2.15-0ubuntu10.10
	10.04 LTS lucid	Fixed 2.11.1-0ubuntu7.20
glibc	14.10 utopic	Not affected
	14.04 LTS trusty	Not in release
	12.04 LTS precise	Not in release
	10.04 LTS lucid	Not in release

How can I get the fixes?
What do statuses mean?

References

MITRE
NVD
Launchpad
Debian

Related Ubuntu Security Notices (USN)

USN-2485-1
GNU C Library vulnerability
27 January 2015

Other references

https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=d5dd6189d506068ed11c8bfa1e1e9bffde04decd
https://wiki.sne.bianheman.eu.org/SecurityTeam/KnowledgeBase/GHOST
https://www.cve.org/CVERecord?id=CVE-2015-0235