CVE-2015-1781
eglibc - security update
EPSS 4.8%
Description
Buffer overflow in the gethostbyname_r and other unspecified NSS functions in the GNU C Library (aka glibc or libc6) before 2.22 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response, which triggers a call with a misaligned buffer.
How to fix CVE-2015-1781
To remediate CVE-2015-1781, upgrade the affected package to one of the fixed versions listed below.
- Debian/eglibc—upgrade to 2.11.3-4+deb6u6 or later
- Debian/glibc—upgrade to 2.19-20 or later
Is CVE-2015-1781 being exploited?
Low — EPSS is 4.8%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- Debian/eglibc: from 0, < 2.11.3-4+deb6u6
- Debian/glibc: from 0, < 2.19-20