Search for vulnerabilities
Vulnerability details: VCID-mbha-r89p-aaaf
Vulnerability ID VCID-mbha-r89p-aaaf
Aliases CVE-2015-1781
Summary Buffer overflow in the gethostbyname_r and other unspecified NSS functions in the GNU C Library (aka glibc or libc6) before 2.22 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response, which triggers a call with a misaligned buffer.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (2)
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-131 Incorrect Calculation of Buffer Size
System Score Found at
generic_textual Low http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-1781.html
rhas Moderate https://access.redhat.com/errata/RHSA-2015:0863
rhas Moderate https://access.redhat.com/errata/RHSA-2015:2199
rhas Important https://access.redhat.com/errata/RHSA-2015:2589
epss 0.05081 https://api.first.org/data/v1/epss?cve=CVE-2015-1781
epss 0.05081 https://api.first.org/data/v1/epss?cve=CVE-2015-1781
epss 0.05081 https://api.first.org/data/v1/epss?cve=CVE-2015-1781
epss 0.05081 https://api.first.org/data/v1/epss?cve=CVE-2015-1781
epss 0.05081 https://api.first.org/data/v1/epss?cve=CVE-2015-1781
epss 0.05081 https://api.first.org/data/v1/epss?cve=CVE-2015-1781
epss 0.05081 https://api.first.org/data/v1/epss?cve=CVE-2015-1781
epss 0.05081 https://api.first.org/data/v1/epss?cve=CVE-2015-1781
epss 0.05081 https://api.first.org/data/v1/epss?cve=CVE-2015-1781
epss 0.05081 https://api.first.org/data/v1/epss?cve=CVE-2015-1781
epss 0.05081 https://api.first.org/data/v1/epss?cve=CVE-2015-1781
epss 0.05081 https://api.first.org/data/v1/epss?cve=CVE-2015-1781
epss 0.05081 https://api.first.org/data/v1/epss?cve=CVE-2015-1781
epss 0.05081 https://api.first.org/data/v1/epss?cve=CVE-2015-1781
epss 0.05081 https://api.first.org/data/v1/epss?cve=CVE-2015-1781
epss 0.05081 https://api.first.org/data/v1/epss?cve=CVE-2015-1781
epss 0.05081 https://api.first.org/data/v1/epss?cve=CVE-2015-1781
epss 0.05081 https://api.first.org/data/v1/epss?cve=CVE-2015-1781
epss 0.05081 https://api.first.org/data/v1/epss?cve=CVE-2015-1781
epss 0.05081 https://api.first.org/data/v1/epss?cve=CVE-2015-1781
epss 0.05081 https://api.first.org/data/v1/epss?cve=CVE-2015-1781
epss 0.05081 https://api.first.org/data/v1/epss?cve=CVE-2015-1781
epss 0.05081 https://api.first.org/data/v1/epss?cve=CVE-2015-1781
epss 0.05081 https://api.first.org/data/v1/epss?cve=CVE-2015-1781
epss 0.05081 https://api.first.org/data/v1/epss?cve=CVE-2015-1781
epss 0.05081 https://api.first.org/data/v1/epss?cve=CVE-2015-1781
epss 0.05081 https://api.first.org/data/v1/epss?cve=CVE-2015-1781
epss 0.05081 https://api.first.org/data/v1/epss?cve=CVE-2015-1781
epss 0.05081 https://api.first.org/data/v1/epss?cve=CVE-2015-1781
epss 0.05081 https://api.first.org/data/v1/epss?cve=CVE-2015-1781
epss 0.05081 https://api.first.org/data/v1/epss?cve=CVE-2015-1781
epss 0.07648 https://api.first.org/data/v1/epss?cve=CVE-2015-1781
epss 0.07725 https://api.first.org/data/v1/epss?cve=CVE-2015-1781
epss 0.07725 https://api.first.org/data/v1/epss?cve=CVE-2015-1781
epss 0.07725 https://api.first.org/data/v1/epss?cve=CVE-2015-1781
epss 0.07725 https://api.first.org/data/v1/epss?cve=CVE-2015-1781
epss 0.07725 https://api.first.org/data/v1/epss?cve=CVE-2015-1781
epss 0.07725 https://api.first.org/data/v1/epss?cve=CVE-2015-1781
epss 0.07725 https://api.first.org/data/v1/epss?cve=CVE-2015-1781
epss 0.07725 https://api.first.org/data/v1/epss?cve=CVE-2015-1781
epss 0.07725 https://api.first.org/data/v1/epss?cve=CVE-2015-1781
epss 0.07725 https://api.first.org/data/v1/epss?cve=CVE-2015-1781
epss 0.07725 https://api.first.org/data/v1/epss?cve=CVE-2015-1781
epss 0.07725 https://api.first.org/data/v1/epss?cve=CVE-2015-1781
epss 0.07725 https://api.first.org/data/v1/epss?cve=CVE-2015-1781
epss 0.07725 https://api.first.org/data/v1/epss?cve=CVE-2015-1781
epss 0.07725 https://api.first.org/data/v1/epss?cve=CVE-2015-1781
epss 0.07725 https://api.first.org/data/v1/epss?cve=CVE-2015-1781
epss 0.07725 https://api.first.org/data/v1/epss?cve=CVE-2015-1781
epss 0.07725 https://api.first.org/data/v1/epss?cve=CVE-2015-1781
epss 0.07725 https://api.first.org/data/v1/epss?cve=CVE-2015-1781
epss 0.07725 https://api.first.org/data/v1/epss?cve=CVE-2015-1781
epss 0.07725 https://api.first.org/data/v1/epss?cve=CVE-2015-1781
epss 0.07725 https://api.first.org/data/v1/epss?cve=CVE-2015-1781
epss 0.07725 https://api.first.org/data/v1/epss?cve=CVE-2015-1781
epss 0.07725 https://api.first.org/data/v1/epss?cve=CVE-2015-1781
epss 0.07725 https://api.first.org/data/v1/epss?cve=CVE-2015-1781
epss 0.07725 https://api.first.org/data/v1/epss?cve=CVE-2015-1781
epss 0.07725 https://api.first.org/data/v1/epss?cve=CVE-2015-1781
epss 0.07725 https://api.first.org/data/v1/epss?cve=CVE-2015-1781
epss 0.07725 https://api.first.org/data/v1/epss?cve=CVE-2015-1781
epss 0.07725 https://api.first.org/data/v1/epss?cve=CVE-2015-1781
epss 0.08167 https://api.first.org/data/v1/epss?cve=CVE-2015-1781
epss 0.08167 https://api.first.org/data/v1/epss?cve=CVE-2015-1781
epss 0.08167 https://api.first.org/data/v1/epss?cve=CVE-2015-1781
epss 0.08167 https://api.first.org/data/v1/epss?cve=CVE-2015-1781
epss 0.08167 https://api.first.org/data/v1/epss?cve=CVE-2015-1781
epss 0.08167 https://api.first.org/data/v1/epss?cve=CVE-2015-1781
epss 0.08167 https://api.first.org/data/v1/epss?cve=CVE-2015-1781
epss 0.08167 https://api.first.org/data/v1/epss?cve=CVE-2015-1781
epss 0.08167 https://api.first.org/data/v1/epss?cve=CVE-2015-1781
epss 0.08167 https://api.first.org/data/v1/epss?cve=CVE-2015-1781
epss 0.08167 https://api.first.org/data/v1/epss?cve=CVE-2015-1781
epss 0.08167 https://api.first.org/data/v1/epss?cve=CVE-2015-1781
epss 0.12903 https://api.first.org/data/v1/epss?cve=CVE-2015-1781
epss 0.12903 https://api.first.org/data/v1/epss?cve=CVE-2015-1781
rhbs medium https://bugzilla.redhat.com/show_bug.cgi?id=1199525
generic_textual Low https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8121
generic_textual Low https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1781
generic_textual High https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7547
generic_textual Low https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8776
generic_textual Low https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8777
generic_textual Low https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8778
generic_textual Low https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8779
cvssv2 6.8 https://nvd.nist.gov/vuln/detail/CVE-2015-1781
generic_textual Low https://ubuntu.com/security/notices/USN-2985-1
generic_textual HIGH http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
Reference id Reference type URL
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177404.html
http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00019.html
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00036.html
http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-1781.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1781.json
https://api.first.org/data/v1/epss?cve=CVE-2015-1781
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8121
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1781
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7547
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8776
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8777
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8778
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8779
https://rhn.redhat.com/errata/RHSA-2015-0863.html
https://security.gentoo.org/glsa/201602-02
https://sourceware.org/bugzilla/show_bug.cgi?id=18287
https://sourceware.org/git/?p=glibc.git%3Ba=commit%3Bh=2959eda9272a03386
https://sourceware.org/git/?p=glibc.git;a=commit;h=2959eda9272a03386
https://ubuntu.com/security/notices/USN-2985-1
https://www.sourceware.org/ml/libc-alpha/2015-08/msg00609.html
http://www.debian.org/security/2016/dsa-3480
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
http://www.securityfocus.com/bid/74255
http://www.securitytracker.com/id/1032178
http://www.ubuntu.com/usn/USN-2985-1
http://www.ubuntu.com/usn/USN-2985-2
1199525 https://bugzilla.redhat.com/show_bug.cgi?id=1199525
796105 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=796105
cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*
cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp3:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp3:*:*:*:*:*:*
cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp4:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp4:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_desktop:11:sp3:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise_desktop:11:sp3:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_desktop:11:sp4:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise_desktop:11:sp4:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:vmware:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:vmware:*:*
cpe:2.3:o:suse:linux_enterprise_server:11:sp4:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise_server:11:sp4:*:*:*:*:*:*
CVE-2015-1781 https://nvd.nist.gov/vuln/detail/CVE-2015-1781
RHSA-2015:0863 https://access.redhat.com/errata/RHSA-2015:0863
RHSA-2015:2199 https://access.redhat.com/errata/RHSA-2015:2199
RHSA-2015:2589 https://access.redhat.com/errata/RHSA-2015:2589
USN-2985-1 https://usn.ubuntu.com/2985-1/
No exploits are available.
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2015-1781
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.89218
EPSS Score 0.05081
Published At May 10, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.