← volver
CVE-2015-7547

CVE-2015-7547

EPSS 89.6%◆ VulnCheck KEV
Vexday Risk Score
75Prioridad alta
Decisión SSVC (CISA)
Act
Explotación + impacto → acción inmediata
Madurez del exploit
Arma lista
PoC popular en GitHub (544 estrellas) — código de explotación ampliamente disponible.
CVSS EPSS 89.6%KEV nãoPoC públicaNuclei Metasploit Patch referenciado
Ciclo de vida
10 feb 2016PoC pública
18 feb 2016Publicada en NVD
Recomendación: Corregir cuanto antes — hay explotación activa confirmada.
Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module.
Productos afectados
n/a · n/a
PoCs públicas encontradas29
githubgithub.com/fjserna/CVE-2015-7547544githubgithub.com/eSentire/cve-2015-7547-public10githubgithub.com/jgajek/cve-2015-75478githubgithub.com/cakuzo/CVE-2015-75475githubgithub.com/t0r0t0r0/CVE-2015-75471githubgithub.com/miracle03/CVE-2015-7547-master0githubgithub.com/Stick-U235/CVE-2015-7547-Research0githubgithub.com/Amilaperera12/Glibc-Vulnerability-Exploit-CVE-2015-75470githubgithub.com/bluebluelan/CVE-2015-7547-proj-master0githubgithub.com/babykillerblack/CVE-2015-75470githubgithub.com/rexifiles/rex-sec-glibc0vulncheckvulncheck.com/xdb/b99728f6c6e2no verificadovulncheckvulncheck.com/xdb/e789fb086b1fno verificadovulncheckvulncheck.com/xdb/a972b421d0c1no verificadovulncheckvulncheck.com/xdb/6ca51ee2343eno verificadovulncheckvulncheck.com/xdb/1dc3a463272eno verificadovulncheckvulncheck.com/xdb/356972add841no verificadocve_referencepacketstormsecurity.com/files/135802/glibc-getaddrinfo-Stack-Based-Buffer-Overflow.htmlno verificadovulncheckvulncheck.com/xdb/bb7c175544abno verificadocve_referencepacketstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.htmlno verificadocve_referencepacketstormsecurity.com/files/164014/Moxa-Command-Injection-Cross-Site-Scripting-Vulnerable-Software.htmlno verificadocve_referencepacketstormsecurity.com/files/167552/Nexans-FTTO-GigaSwitch-Outdated-Components-Hardcoded-Backdoor.htmlno verificadocve_referencewww.exploit-db.com/exploits/39454/no verificadocve_referencewww.exploit-db.com/exploits/40339/no verificadoexploitdbwww.exploit-db.com/exploits/39454no verificadoexploitdbwww.exploit-db.com/exploits/40339no verificadovulncheckvulncheck.com/xdb/5802082611f4no verificadovulncheckvulncheck.com/xdb/048e7854f0cano verificadovulncheckvulncheck.com/xdb/9aca57789b8bno verificado
⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.