A heap-based buffer overflow may be provoked in the __nss_hostname_digits_dots() function of the GNU C Library (glibc) by which arbitrary code may be executed. The susceptible function is used by the gethostbyname() and gethostbyname2() glibc function calls. This vulnerability is commonly referred to by the name "GHOST".
The formal CVE reference is CVE-2015-0235 CVSS Scoring (Base): 10.0
All versions of glibc from 2.2, and other 2.x versions before 2.18 are vulnerable.
All products using glibc versions 2.2, and other 2.x versions before 2.18. Fujitsu is analyzing its products and will update this list below accordingly.
Affected and unaffected products (237 KB)
For Products not contained in this list, please contact your service partner.
Share this page