CVE-2015-7547

Name of the Vulnerable Software and Affected Versions glibc versions prior to 2.23

Description The issue is related to multiple stack-based buffer overflows in the send dg and send vc functions of the libresolv library in glibc. This can be exploited by a remote attacker to cause a denial of service or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF UNSPEC or AF INET6 address family. The exploitation may involve sending specially crafted DNS queries, leading to a buffer overflow condition.

Recommendations For glibc versions prior to 2.23, update to version 2.23 or later to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable libresolv library or disabling the use of the send dg and send vc functions until a patch is available. Additionally, avoid using the getaddrinfo function with the AF UNSPEC or AF INET6 address family in the affected API endpoints until the issue is resolved.