CVE-2015-7547

HIGH EXPLOITED

GNU C Library <2.23 - Buffer Overflow

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2015-7547 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 14 public exploits from researchers including Google Security Research, SpeeDr00t, fjserna.

AI-analyzed exploit summary CVE-2015-7547 is a stack-based buffer overflow in glibc's DNS resolver. The exploit triggers a mismatch between stack and heap buffers during DNS response handling, leading to a crash or potential RCE.

Description

Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module.

Exploits (14)

exploitdb WORKING POC VERIFIED
by Google Security Research · textdoslinux
https://www.exploit-db.com/exploits/39454

CVE-2015-7547 is a stack-based buffer overflow in glibc's DNS resolver. The exploit triggers a mismatch between stack and heap buffers during DNS response handling, leading to a crash or potential RCE.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: glibc (versions before 2.23)
No auth needed
Prerequisites: Control over a malicious DNS server · Victim must query the malicious DNS server
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC
by SpeeDr00t · pythonremotelinux
https://www.exploit-db.com/exploits/40339

This exploit targets CVE-2015-7547, a stack-based buffer overflow in glibc's getaddrinfo function. It uses a malicious DNS server to trigger the vulnerability and execute shellcode for remote code execution.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: glibc (versions before 2.23)
No auth needed
Prerequisites: Network access to the target · Target must perform DNS queries to the attacker-controlled server
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC 546 stars
by fjserna · dos
https://github.com/fjserna/CVE-2015-7547

This repository contains a functional proof-of-concept exploit for CVE-2015-7547, a vulnerability in the glibc getaddrinfo() function. The exploit includes both client and server components to trigger a stack-based buffer overflow via crafted DNS responses, leading to a denial-of-service (DoS) condition.

Classification
Working Poc 100%
Attack Type
Dos
Complexity
Moderate
Reliability
Reliable
Target: glibc (versions before 2.23)
No auth needed
Prerequisites: Control over a DNS server to send crafted responses · Victim system configured to use the malicious DNS server
devstral-2 · analyzed Feb 18, 2026 Full analysis →
github WORKING POC 31 stars
by OpenSISE · cpoc
https://github.com/OpenSISE/CVE_PoC_Collect/tree/master/RCE/android/CVE-2015-7547

This repository contains a functional PoC for CVE-2015-7547, a stack-based buffer overflow in glibc's getaddrinfo() function. The exploit consists of a client and server component that manipulate DNS responses to trigger the vulnerability, leading to potential remote code execution.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: glibc (versions before 2.23)
No auth needed
Prerequisites: Control over a DNS server to craft malicious responses · Victim system must use the attacker-controlled DNS server
devstral-2 · analyzed Feb 27, 2026 Full analysis →
nomisec WORKING POC 10 stars
by eSentire · dos
https://github.com/eSentire/cve-2015-7547-public

This repository contains a functional PoC attack server for CVE-2015-7547, a buffer overflow vulnerability in glibc's DNS stub resolver. The exploit demonstrates multiple attack sequences to trigger stack-based buffer overflows via crafted DNS responses, leading to crashes (e.g., stack smashing detected).

Classification
Working Poc 95%
Attack Type
Dos
Complexity
Moderate
Reliability
Reliable
Target: glibc (versions before 2.23)
No auth needed
Prerequisites: Vulnerable glibc version · Ability to intercept/modify DNS responses · Network access to target
devstral-2 · analyzed Feb 18, 2026 Full analysis →
nomisec WORKING POC 8 stars
by jgajek · remote
https://github.com/jgajek/cve-2015-7547

This repository contains a functional proof-of-concept exploit for CVE-2015-7547, a buffer overflow vulnerability in the glibc DNS resolver. The exploit demonstrates multiple attack sequences to trigger stack-based buffer overflows via crafted DNS responses, leading to crashes (e.g., stack smashing detected).

Classification
Working Poc 100%
Attack Type
Dos
Complexity
Moderate
Reliability
Reliable
Target: glibc (versions prior to the fix for CVE-2015-7547)
No auth needed
Prerequisites: Vulnerable glibc version · Ability to intercept or spoof DNS responses · Configuration to use a malicious DNS server (e.g., 127.0.0.127)
devstral-2 · analyzed Feb 18, 2026 Full analysis →
nomisec SCANNER 5 stars
by cakuzo · poc
https://github.com/cakuzo/CVE-2015-7547

This repository contains a shell script to detect the presence of CVE-2015-7547, a glibc vulnerability affecting the getaddrinfo function. It checks installed glibc versions and RPM changelogs for patches, but does not include exploit code.

Classification
Scanner 100%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: glibc (versions before 2.12-1.166.el6_7.7, 2.17-2.2.4)
No auth needed
Prerequisites: Access to the target system to run the script
devstral-2 · analyzed Feb 18, 2026 Full analysis →
nomisec WORKING POC 1 stars
by t0r0t0r0 · poc
https://github.com/t0r0t0r0/CVE-2015-7547

This repository contains a functional PoC for CVE-2015-7547, a vulnerability in glibc's DNS resolver that can cause a stack-based buffer overflow leading to a crash (DoS). The PoC demonstrates the crash via a malicious DNS server and client interactions, with evidence of segmentation faults in logs.

Classification
Working Poc 90%
Attack Type
Dos
Complexity
Moderate
Reliability
Reliable
Target: glibc (versions prior to 2.23)
No auth needed
Prerequisites: Control over a DNS server to serve malicious responses · Victim system using vulnerable glibc version
devstral-2 · analyzed Feb 18, 2026 Full analysis →
nomisec WORKING POC
by Stick-U235 · dos
https://github.com/Stick-U235/CVE-2015-7547-Research

This repository contains a functional exploit for CVE-2015-7547, a stack-based buffer overflow in glibc's getaddrinfo() function. The exploit uses a crafted DNS response to trigger the vulnerability and achieve remote code execution by returning to libc and calling system() to spawn a shell.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: glibc (versions before 2.23)
No auth needed
Prerequisites: Network access to a vulnerable system · Ability to send crafted DNS responses
devstral-2 · analyzed Feb 18, 2026 Full analysis →
nomisec STUB
by Amilaperera12 · poc
https://github.com/Amilaperera12/Glibc-Vulnerability-Exploit-CVE-2015-7547

The repository contains only a minimal README with no exploit code or technical details. It is a placeholder with no functional content.

Classification
Stub 90%
Attack Type
Other
Complexity
Trivial
Reliability
Theoretical
Target: glibc (unspecified version)
No auth needed
devstral-2 · analyzed Feb 18, 2026 Full analysis →
nomisec WORKING POC
by miracle03 · dos
https://github.com/miracle03/CVE-2015-7547-master

This repository contains a functional proof-of-concept exploit for CVE-2015-7547, a stack-based buffer overflow in the glibc getaddrinfo() function. The exploit includes both client and server components to trigger the vulnerability via crafted DNS responses.

Classification
Working Poc 100%
Attack Type
Dos
Complexity
Moderate
Reliability
Reliable
Target: glibc (versions before 2.23)
No auth needed
Prerequisites: Control over a DNS server to send crafted responses · Target system using vulnerable glibc version
devstral-2 · analyzed Feb 18, 2026 Full analysis →
nomisec WORKING POC
by bluebluelan · dos
https://github.com/bluebluelan/CVE-2015-7547-proj-master

This repository contains a functional proof-of-concept exploit for CVE-2015-7547, a vulnerability in the glibc getaddrinfo() function. The exploit involves a malicious DNS server that triggers a stack-based buffer overflow via crafted DNS responses, leading to remote code execution or denial of service.

Classification
Working Poc 100%
Attack Type
Rce | Dos
Complexity
Moderate
Reliability
Reliable
Target: glibc (versions before 2.23)
No auth needed
Prerequisites: Control over a DNS server · Victim system using vulnerable glibc version · Victim application making DNS queries via getaddrinfo()
devstral-2 · analyzed Feb 18, 2026 Full analysis →
nomisec WORKING POC
by babykillerblack · dos
https://github.com/babykillerblack/CVE-2015-7547

This repository contains a functional proof-of-concept exploit for CVE-2015-7547, a stack-based buffer overflow in glibc's getaddrinfo function. The exploit includes both client and server components to trigger the vulnerability via crafted DNS responses.

Classification
Working Poc 100%
Attack Type
Dos
Complexity
Moderate
Reliability
Reliable
Target: glibc (versions prior to the fix for CVE-2015-7547)
No auth needed
Prerequisites: Control over a DNS server to send crafted responses · Victim system configured to use the malicious DNS server
devstral-2 · analyzed Feb 18, 2026 Full analysis →
nomisec STUB
by rexifiles · poc
https://github.com/rexifiles/rex-sec-glibc

The repository contains minimal content related to CVE-2015-7547, with only a README and meta.yml file describing a setup and check task for glibc updates, but no actual exploit code or technical details.

Classification
Stub 90%
Attack Type
Other
Complexity
Trivial
Reliability
Theoretical
Target: glibc
No auth needed
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (75)

Core 75
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1035020
Mailing List vendor-advisory x_refsource_hp
http://marc.info/?l=bugtraq&m=146161017210491&w=2
Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00037.html
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2016-0175.html
Third Party Advisory x_refsource_confirm
https://blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/
Issue Tracking x_refsource_confirm
https://sourceware.org/bugzilla/show_bug.cgi?id=18665
Mailing List vendor-advisory x_refsource_hp
http://marc.info/?l=bugtraq&m=145857691004892&w=2
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2016-0225.html
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177412.html
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2016/dsa-3481
Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00042.html
Third Party Advisory vendor-advisory x_refsource_ubuntu
http://ubuntu.com/usn/usn-2900-1
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2016-0277.html
Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00043.html
Vendor Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20160217-0002/
Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00036.html
Third Party Advisory x_refsource_confirm
https://blogs.sophos.com/2016/02/24/utm-up2date-9-355-released/
Mailing List vendor-advisory x_refsource_hp
http://marc.info/?l=bugtraq&m=145672440608228&w=2
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/83265
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/201602-02
Mailing List vendor-advisory x_refsource_hp
http://marc.info/?l=bugtraq&m=145596041017029&w=2
Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00038.html
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/40339/
Third Party Advisory x_refsource_confirm
https://bto.bluecoat.com/security-advisory/sa114
Mailing List, Vendor Advisory mailing-list x_refsource_mlist
https://sourceware.org/ml/libc-alpha/2016-02/msg00416.html
Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00039.html
Issue Tracking, Third Party Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=1293532
Third Party Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2016-0176.html
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177404.html
Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00044.html
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2016/dsa-3480
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/39454/
Vendor Advisory x_refsource_confirm
http://support.citrix.com/article/CTX206991
Third Party Advisory x_refsource_confirm
https://access.redhat.com/articles/2161461
Third Party Advisory x_refsource_confirm
https://kc.mcafee.com/corporate/index?page=content&id=SB10150
Mailing List vendor-advisory x_refsource_hp
http://marc.info/?l=bugtraq&m=145690841819314&w=2
Mailing List mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2019/Sep/7
Mailing List mailing-list x_refsource_bugtraq
https://seclists.org/bugtraq/2019/Sep/7
Mailing List mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2021/Sep/0
Mailing List mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2022/Jun/36
Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert-vn
https://www.kb.cert.org/vuls/id/457759
Third Party Advisory x_refsource_misc
https://www.tenable.com/security/research/tra-2017-08

Scores

CVSS v3 8.1
EPSS 0.9391
EPSS Percentile 99.9%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

VulnCheck KEV 2021-08-17
CWE
CWE-119
Status published
Products (50)
canonical/ubuntu_linux 12.04
canonical/ubuntu_linux 14.04
canonical/ubuntu_linux 15.10
debian/debian_linux 8.0
f5/big-ip_access_policy_manager 12.0.0
f5/big-ip_advanced_firewall_manager 12.0.0
f5/big-ip_analytics 12.0.0
f5/big-ip_application_acceleration_manager 12.0.0
f5/big-ip_application_security_manager 12.0.0
f5/big-ip_domain_name_system 12.0.0
... and 40 more
Published Feb 18, 2016
Tracked Since Feb 18, 2026