CVE-2015-7547 vulnerability, if the glibc used is below 2.23 , but does not uses getaddrinfo

Question

CVE-2015-7547 vulnerability, its mentioned,version of glibc below 2.23 are vulnerable.

if the glibc used is below 2.23 , but application does not uses getaddrinfo() function, Is the application still vulnerable?

score 3 · Accepted Answer · answered Mar 01 '16 at 13:29

3

While you might not use the function in question, some other library function might use is somewhere, which potentially opens the vulnerability for exploit.

It is therefor hard to know without actual (pen-) testing whether your application is vulnerable to this vulnerability.

answered Mar 01 '16 at 13:29

LvB

8,217
1
26
43

2

For example - the package manager relies on DNS, and may use the getaddrinfo() function from glibc. – mti2935 Mar 01 '16 at 14:53

CVE-2015-7547 vulnerability, if the glibc used is below 2.23 , but does not uses getaddrinfo

1 Answers1