#21870: glibc CVE-2015-7547
--------------------------------+------------------------
Reporter: nooneofconsequence | Owner: developers
Type: defect | Status: new
Priority: high | Milestone:
Component: toolchain | Version: Trunk
Keywords: |
--------------------------------+------------------------
CVE-2015-7547
The Google Security Team and Red Hat discovered that the eglibc
host name resolver function, getaddrinfo, when processing
AF_UNSPEC queries (for dual A/AAAA lookups), could mismanage its
internal buffers, leading to a stack-based buffer overflow and
arbitrary code execution. This vulnerability affects most
applications which perform host name resolution using getaddrinfo,
including system services.
https://googleonlinesecurity.blogspot.com/2016/02/cve-2015-7547-glibc-
getaddrinfo-stack.html
https://sourceware.org/ml/libc-alpha/2016-02/msg00416.html
--
Ticket URL: <https://dev.openwrt.org/ticket/21870>
OpenWrt <http://openwrt.org>
Opensource Wireless Router Technology
_______________________________________________
openwrt-tickets mailing list
[email protected]
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-tickets
