CVE-2015-0235
CVE-2015-0235 is a critical-severity vulnerability in Redhat Virtualization with a CVSS 2.0 base score of 10.0. Its EPSS exploit-prediction score of 95% places it in the 100th percentile, indicating an elevated likelihood of exploitation. The underlying weakness is classified as CWE-787.
Key facts
- Severity: Critical (CVSS 2.0 base score 10.0)
- EPSS exploit prediction: 95% (100th percentile)
- Actively exploited: Not listed in CISA KEV
- Weakness: CWE-787
- Affected product: Redhat Virtualization
- Published:
- Last modified:
Description
Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 function, aka "GHOST."
Frequently asked questions
- What is CVE-2015-0235?
- Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 function, aka "GHOST."
- How severe is CVE-2015-0235?
- CVE-2015-0235 has a CVSS 2.0 base score of 10.0, rated critical severity.
- Is CVE-2015-0235 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 95% (100th percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2015-0235?
- CVE-2015-0235 primarily affects Redhat Virtualization. In total, 31 product configurations (CPEs) are listed as vulnerable; see the affected-products list for the exact versions.
- How do I fix CVE-2015-0235?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround. Given its critical severity, prioritise patching exposed systems.
- When was CVE-2015-0235 published?
- CVE-2015-0235 was published on 2015-01-28 and last updated on 2026-06-17.
References
- http://blogs.sophos.com/2015/01/29/sophos-products-and-the-ghost-vulnerability-affecting-linux/
- http://linux.oracle.com/errata/ELSA-2015-0090.html
- http://linux.oracle.com/errata/ELSA-2015-0092.html
- http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html
- http://lists.apple.com/archives/security-announce/2015/Oct/msg00005.html
- http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html
- http://marc.info/?l=bugtraq&m=142296726407499&w=2
- http://marc.info/?l=bugtraq&m=142721102728110&w=2
- http://marc.info/?l=bugtraq&m=142722450701342&w=2
- http://marc.info/?l=bugtraq&m=142781412222323&w=2
- http://marc.info/?l=bugtraq&m=143145428124857&w=2
- http://packetstormsecurity.com/files/130171/Exim-ESMTP-GHOST-Denial-Of-Service.html
- http://packetstormsecurity.com/files/130768/EMC-Secure-Remote-Services-GHOST-SQL-Injection-Command-Injection.html
- http://packetstormsecurity.com/files/130974/Exim-GHOST-glibc-gethostbyname-Buffer-Overflow.html
- http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html
- http://packetstormsecurity.com/files/164014/Moxa-Command-Injection-Cross-Site-Scripting-Vulnerable-Software.html
- http://packetstormsecurity.com/files/167552/Nexans-FTTO-GigaSwitch-Outdated-Components-Hardcoded-Backdoor.html
- http://rhn.redhat.com/errata/RHSA-2015-0126.html
- http://seclists.org/fulldisclosure/2015/Jan/111
- http://seclists.org/fulldisclosure/2019/Jun/18
- http://seclists.org/fulldisclosure/2021/Sep/0
- http://seclists.org/fulldisclosure/2022/Jun/36
- http://seclists.org/oss-sec/2015/q1/269
- http://seclists.org/oss-sec/2015/q1/274
- http://secunia.com/advisories/62517
- http://secunia.com/advisories/62640
- http://secunia.com/advisories/62667
- http://secunia.com/advisories/62680
- http://secunia.com/advisories/62681
- http://secunia.com/advisories/62688
Affected products (31)
- cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_application_session_controller:*:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_eagle_application_processor:16.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_eagle_lnp_application_processor:10.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_lsms:13.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_policy_management:9.7.3:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_policy_management:9.9.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_policy_management:10.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_policy_management:11.5:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_policy_management:12.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_session_border_controller:*:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_session_border_controller:7.2.0:-:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_session_border_controller:8.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_user_data_repository:*:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_webrtc_session_controller:7.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_webrtc_session_controller:7.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:exalogic_infrastructure:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:exalogic_infrastructure:2.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*
- cpe:2.3:o:oracle:linux:5:-:*:*:*:*:*:*
- cpe:2.3:o:oracle:linux:7:0:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:virtualization:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:pureapplication_system:1.0.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:pureapplication_system:1.1.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:pureapplication_system:2.0.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:security_access_manager_for_enterprise_single_sign-on:8.2:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
More vulnerabilities in Redhat Virtualization
- CVE-2019-10126 — Critical (CVSS 9.8): A flaw was found in the Linux kernel. A heap based buffer overflow in mwifiex_uap_parse_tail_ies function in…
- CVE-2019-3888 — Critical (CVSS 9.8): A vulnerability was found in Undertow web server before 2.0.21. An information exposure of plain text credentials…
- CVE-2019-10160 — Critical (CVSS 9.8): A security regression of CVE-2019-9636 was discovered in python since commit d537ab0ff9767ef024f26246899728f0116b1ec3…
- CVE-2019-9636 — Critical (CVSS 9.8): Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an…
- CVE-2018-17963 — Critical (CVSS 9.8): qemu_deliver_packet_iov in net/net.c in Qemu accepts packet sizes greater than INT_MAX, which allows attackers to cause…
- CVE-2017-7481 — Critical (CVSS 9.8): Ansible before versions 2.3.1.0 and 2.4.0.0 fails to properly mark lookup-plugin results as unsafe. If an attacker…
All CVEs affecting Redhat Virtualization →
Other CWE-787 (Out-of-bounds Write) vulnerabilities
- CVE-2026-42369 — Critical (CVSS 10.0): GV-VMS V20 is a Video Monitoring Software used to gather the feeds of many surveillance cameras and manage other…
- CVE-2026-4746 — Critical (CVSS 10.0): Out-of-bounds Write vulnerability in timeplus-io proton (base/poco/Foundation/src modules). This vulnerability is…
- CVE-2025-43300 — Critical (CVSS 10.0): An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.8.5 and iPadOS…
- CVE-2025-24201 — Critical (CVSS 10.0): An out-of-bounds write issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in…
- CVE-2024-42479 — Critical (CVSS 10.0): llama.cpp provides LLM inference in C/C++. The unsafe `data` pointer member in the `rpc_tensor` structure can cause…
- CVE-2024-39791 — Critical (CVSS 10.0): Stack-based buffer overflow vulnerabilities affecting Vonets industrial wifi bridge relays and wifi bridge…
Browse all CWE-787 (Out-of-bounds Write) vulnerabilities →
Threat intelligence
Threat-intel indicators referencing this CVE:
- 45.84.120.3 (ipv4-addr)
- 200.196.50.91 (ipv4-addr)
- 187.110.238.50 (ipv4-addr)
- 113.164.66.10 (ipv4-addr)
- 103.38.219.22 (ipv4-addr)
- 103.148.100.146 (ipv4-addr)
- 80.87.83.229 (ipv4-addr)
- 183.182.99.92 (ipv4-addr)