|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Sec Bug #68925 CVE-2015-0235 – GHOST: glibc gethostbyname buffer overflow
Submitted: 2015-01-27 21:34 UTC Modified: 2015-02-01 03:17 UTC
From: Assigned: stas (profile)
Status: Closed Package: Network related
PHP Version: 5.4.37 OS: Linux glibc > 2.2
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
Block user comment
Status: Assign to:
Bug Type:
New email:
PHP Version: OS:


 [2015-01-27 21:34 UTC]
For full details see:

We use this function in several places where userland input can be passed as a parameter to gethostbyname(). Given that a proof of concept RCE has been developed this could cause a potential issue for users who pass user supplied input these functions.

The Case Studies section of the oss-security link shows situations where apps are vulnerable or not.

Could someone please review and see if we can mitigate any potential vulnerabilities using the same techniques. 


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2015-02-01 03:17 UTC]
-Status: Open +Status: Closed -Assigned To: +Assigned To: stas
 [2015-02-01 03:17 UTC]
The fix for this bug has been committed.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at

 For Windows:
Thank you for the report, and for helping us make PHP better.

PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Tue Mar 05 09:01:27 2024 UTC