|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Sec Bug #68925 CVE-2015-0235 – GHOST: glibc gethostbyname buffer overflow
Submitted: 2015-01-27 21:34 UTC Modified: 2015-02-01 03:17 UTC
From: Assigned: stas (profile)
Status: Closed Package: Network related
PHP Version: 5.4.37 OS: Linux glibc > 2.2
Private report: No CVE-ID: None
 [2015-01-27 21:34 UTC]
For full details see:

We use this function in several places where userland input can be passed as a parameter to gethostbyname(). Given that a proof of concept RCE has been developed this could cause a potential issue for users who pass user supplied input these functions.

The Case Studies section of the oss-security link shows situations where apps are vulnerable or not.

Could someone please review and see if we can mitigate any potential vulnerabilities using the same techniques. 


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2015-02-01 03:17 UTC]
-Status: Open +Status: Closed -Assigned To: +Assigned To: stas
 [2015-02-01 03:17 UTC]
The fix for this bug has been committed.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at

 For Windows:
Thank you for the report, and for helping us make PHP better.

PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Mon Jul 15 05:01:29 2024 UTC