CVE-2015-0235

critical

Published 2015-01-28 · Modified 2026-05-06

💬 Discuss on Community ✚ Propose mitigation

CVSS v3

—

CVSS v4 NEW

—

not yet in upstream

VIR risk

10.0

Description

Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 function, aka "GHOST."

Predictions

Exploit likelihood

20%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No mitigations published for this CVE yet.

The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or — if you've already worked around this in production — publish your fix to the community-verified tier.

✚ Propose a mitigation on Community → Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here with source_tier=community-verified.

Exploits

Public proof-of-concept code below. AS-IS, for defenders and authorised testing only.

Exploit-DB

EDB-36421 remote linux verified

Qualys Corporation · 2015-03-18

Exim - 'GHOST' glibc gethostbyname Buffer Overflow (Metasploit)

Source code queued for fetch — refresh in a moment.

EDB-35951 dos linux

1n3 · 2015-01-29

Exim ESMTP 4.80 - glibc gethostbyname Denial of Service

Source code queued for fetch — refresh in a moment.

Metasploit modules

auxiliary_scanner/http/wordpress_ghost_scanner rank 300

WordPress XMLRPC GHOST Vulnerability Scanner

Source code queued for fetch — refresh in a moment.

exploit_linux/smtp/exim_gethostbyname_bof rank 500

Exim GHOST (glibc gethostbyname) Buffer Overflow

Source fetch failed: fetch_error — view the original via the link above.

OS impact

macOS Affected 1 release

Version	Status	Fixed in
—	Affected	`10.11.1`

Debian Mixed 7 releases

Version	Status	Fixed in
trixie	Fixed	`2.18-1`
sid	Fixed	`2.18-1`
forky	Fixed	`2.18-1`
bullseye	Fixed	`2.18-1`
bookworm	Fixed	`2.18-1`
8.0	Affected	—
7.0	Affected	—

Application impact

Vendor	Product	Versions	Fixed
gnu	glibc	`{"startIncluding":"2.0","endExcluding":"2.18"}`	`2.18`
oracle	communications_application_session_controller	`{"endExcluding":"3.7.1"}`	`3.7.1`
oracle	communications_eagle_application_processor	`16.0`
oracle	communications_eagle_lnp_application_processor	`10.0`
oracle	communications_lsms	`13.1`
oracle	communications_policy_management	`9.7.3`
oracle	communications_policy_management	`9.9.1`
oracle	communications_policy_management	`10.4.1`
oracle	communications_policy_management	`11.5`
oracle	communications_policy_management	`12.1.1`
oracle	communications_session_border_controller	`{"endExcluding":"7.2.0"}`	`7.2.0`
oracle	communications_session_border_controller	`7.2.0`
oracle	communications_session_border_controller	`8.0.0`
oracle	communications_user_data_repository	`{"startIncluding":"10.0.0","endIncluding":"10.0.1"}`
oracle	communications_webrtc_session_controller	`7.0`
oracle	communications_webrtc_session_controller	`7.1`
oracle	communications_webrtc_session_controller	`7.2`
oracle	exalogic_infrastructure	`1.0`
oracle	exalogic_infrastructure	`2.0`
oracle	vm_virtualbox	`{"endExcluding":"5.1.24"}`	`5.1.24`
redhat	virtualization	`6.0`
ibm	pureapplication_system	`1.0.0.0`
ibm	pureapplication_system	`1.1.0.0`
ibm	pureapplication_system	`2.0.0.0`
ibm	security_access_manager_for_enterprise_single_sign-on	`8.2`
php	php	`{"startIncluding":"5.4.0","endExcluding":"5.4.38"}`	`5.4.38`

References

CWEs

CWE-787

Community-verified mitigations for this CVE will appear above when contributors publish them.

Verify integrity in audit chain (admin only). AS-IS.