Skip to main content

TB019 CVE-2015-0235 "Ghost" Statement



Alert Type



CVE-2015-0235. Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 function, aka "GHOST". 

The Delphix Engine is not vulnerable because the operating system in use (DxOS) does not use glibc, and does not contain the __nss_hostname_digits_dots function.  Therefore, it is not affected by this issue.