Search the VMware Knowledge Base (KB)
View by Article ID

VMware Response to CVE-2015-0235 - glibc gethostbyname buffer overflow, aka "Ghost” (2105862)

  • 24 Ratings

Purpose

On January 27th, 2015 a buffer overflow vulnerability in the glibc gethostbyname() function was disclosed. The issue is identified by CVE-2015-0235 and was given the name “Ghost.”

The VMware Security Engineering, Communications, and Response group (vSECR) began investigating this issue immediately.

Resolution

While some VMware products do ship with the vulnerable versions of glibc, based on our current analysis VMware products are not affected by this issue. This conclusion is based on not finding a method to pass untrusted input to the vulnerable glibc function in any VMware product.

VMware products that ship with vulnerable versions of glibc will be updated in upcoming releases in accordance with our security response policy found here.

Additional Information

To be alerted when this article is updated, click Subscribe to Document in the Actions box.

See Also

Request a Product Feature

To request a new product feature or to provide feedback on a VMware product, please visit the Request a Product Feature page.

Feedback

  • 24 Ratings

Did this article help you?
This article resolved my issue.
This article did not resolve my issue.
This article helped but additional information was required to resolve my issue.

What can we do to improve this information? (4000 or fewer characters)




Please enter the Captcha code before clicking Submit.
  • 24 Ratings
Actions
KB: