GHOST (CVE-2015-0235)

GHOST is a buffer overflow in glibc's gethostbyname() that affected Linux systems globally in 2015.

Definition

GHOST (CVE-2015-0235) is a heap-based buffer overflow in glibc's `gethostbyname()` and `gethostbyname2()` functions, present in glibc 2.2 through 2.17. The bug is in the parsing of dotted-quad IPv4 addresses: a sufficiently long numeric-only hostname overflows the destination buffer. The exploitability surface depends on where `gethostbyname` is reached from untrusted input; Exim's HELO parsing was the most notable practical target.

Mitigation

Patch glibc to 2.18 or later.

See also

References