CVE-2015-0235
eglibc - security update
EPSS 84.9%
Description
Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 function, aka "GHOST."
How to fix CVE-2015-0235
To remediate CVE-2015-0235, upgrade the affected package to one of the fixed versions listed below.
- Debian/eglibc—upgrade to 2.11.3-4+deb6u4 or later
- Debian/glibc—upgrade to 2.18-1 or later
Is CVE-2015-0235 being exploited?
Likely — EPSS is 84.9%, placing CVE-2015-0235 in the top tier of vulnerabilities by exploitation probability. Prioritise patching.
Affected packages (2)
- Debian/eglibc: from 0, < 2.11.3-4+deb6u4
- Debian/glibc: from 0, < 2.18-1