Skip to main content
Delphix

TB019 CVE-2015-0235 "Ghost" Statement

 

 

Alert Type

Security

Overview

CVE-2015-0235. Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 function, aka "GHOST". 

The Delphix Engine is not vulnerable because the operating system in use (DxOS) does not use glibc, and does not contain the __nss_hostname_digits_dots function.  Therefore, it is not affected by this issue.