Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntucveUbuntu.comUB:CVE-2015-5180
HistoryAug 10, 2015 - 12:00 a.m.

CVE-2015-5180

2015-08-1000:00:00
ubuntu.com
ubuntu.com
11

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.017 Low

EPSS

Percentile

87.9%

JSON

res_query in libresolv in glibc before 2.25 allows remote attackers to
cause a denial of service (NULL pointer dereference and process crash).

Bugs

Notes

Author Note
tyhicks See test case in the bug no fix upstream as of 2016-09-09
sbeattie patch committed upstream on 2016-12-31; renames symbol so backporting may not be easy. commit included in glibc 2.25 release debian fixed this in unstable in 2.24-9 fixing this does indeed break the internal ABI between libnss_dns and libresolv. We’re backing out this change. reverted from zesty in 2.24-9ubuntu2 by infinity. For existing releases, DO NOT APPLY THIS PATCH due to ABI breakage. Fix will come in to 17.10 when we get glibc-2.25 as we do not guarantee ABI for libresolv internals across different glibc releases, just for upgrades for same versions e.g. (2.24 -> 2.24) REPEAT: DO NOT APPLY THIS PATCH (UNMODIFIED) IN A STABLE RELEASE
mdeslaur marking this issue as ignored, as we will not be fixing this in Ubuntu stable releases.

Related

nvd 1
fedora 1
symantec 1
cvelist 1
cve 1
openvas 10
nessus 19
f5 1
veracode 1
prion 1
debiancve 1
mageia 1
ibm 10
photon 1
gentoo 1
centos 1
amazon 1
redhat 1
oraclelinux 2
ubuntu 2
cloudfoundry 1
oracle 1
nvd
nvd
CVE-2015-5180
2017-06-27 20:29:00
fedora
fedora
[SECURITY] Fedora 26 Update: glibc-2.25-12.fc26
2017-10-25 23:16:57
symantec
symantec
GNU glibc CVE-2015-5180 Remote Denial of Service Vulnerability
2017-06-27 00:00:00
cvelist
cvelist
CVE-2015-5180
2017-06-27 20:00:00
cve
cve
CVE-2015-5180
2017-06-27 20:29:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2019:1716-1)
2021-04-19 00:00:00
Fedora Update for glibc FEDORA-2017-2c63df4fe3
2017-10-27 00:00:00
Mageia: Security Advisory (MGASA-2017-0091)
2022-01-28 00:00:00
nessus
nessus
F5 Networks BIG-IP : glibc vulnerability (K55001100)
2017-04-06 00:00:00
SUSE SLED12 / SLES12 Security Update : glibc (SUSE-SU-2019:1716-1)
2019-06-28 00:00:00
Fedora 26 : glibc (2017-2c63df4fe3)
2017-10-26 00:00:00
f5
f5
K55001100 : glibc vulnerability CVE-2015-5180
2017-03-13 00:00:00
veracode
veracode
Denial Of Service (DoS)
2019-05-16 02:50:40
prion
prion
Null pointer dereference
2017-06-27 20:29:00
debiancve
debiancve
CVE-2015-5180
2017-06-27 20:29:00
mageia
mageia
Updated glibc packages fix security vulnerability
2017-03-27 16:55:27
ibm
ibm
Security Bulletin: IBM Flex System Chassis Management Module (CMM) is affected by vulnerabilities in GNU C Library (CVE-2015-5180 CVE-2017-15670 CVE-2017-15804)
2023-12-07 22:45:03
Security Bulletin: IBM Dynamic System Analysis (DSA) Preboot is affected by vulnerabilities in GNU C Library (CVE-2017-15804 CVE-2017-15670 CVE-2015-5180)
2023-12-07 22:45:02
Security Bulletin: IBM BladeCenter Advanced Management Module (AMM) is affected by vulnerabilities in GNU glibc (CVE-2017-15804 CVE-2017-15670 CVE-2015-5180)
2019-04-15 15:25:01
photon
photon
Critical Photon OS Security Update - PHSA-2017-0088
2017-11-30 00:00:00
gentoo
gentoo
GNU C Library: Multiple vulnerabilities
2017-06-20 00:00:00
centos
centos
glibc, nscd security update
2018-04-26 17:41:43
amazon
amazon
Important: glibc
2018-05-10 17:45:00
redhat
redhat
(RHSA-2018:0805) Moderate: glibc security, bug fix, and enhancement update
2018-04-10 05:01:26
oraclelinux
oraclelinux
glibc security update
2018-04-18 00:00:00
glibc security, bug fix, and enhancement update
2018-04-16 00:00:00
ubuntu
ubuntu
GNU C Library Regression
2017-03-21 00:00:00
GNU C Library vulnerabilities
2017-03-21 00:00:00
cloudfoundry
cloudfoundry
USN-3239-2: GNU C Library Regression | Cloud Foundry
2017-03-31 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - October 2019
2020-01-22 00:00:00

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.017 Low

EPSS

Percentile

87.9%

JSON
Related for UB:CVE-2015-5180
nvd1fedora1symantec1cvelist1cve1openvas10nessus19f51veracode1prion1debiancve1mageia1ibm10photon1gentoo1centos1amazon1redhat1oraclelinux2ubuntu2cloudfoundry1oracle1