Cyber Resilience

CVE-2015-0235

N/A · Public PoC

Published: 28 January 2015

Modified: 06 May 2026
KEV Added
Patch
CVSS Score: N/A
EPSS Score: 0.9486 (99.9th percentile)
Risk Priority: 80 (floored blend · peak EPSS)

Summary

CVE-2015-0235 is an uncategorised-severity Out-of-bounds Write (CWE-787) vulnerability in glibc that affects Oracle Communications Policy Management, among other products. Its CVSS base score is N/A.

Operationally, it is ranked in the top 0.1% of CVEs by exploit likelihood, it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

Vulnerability details

Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 function, aka "GHOST."

CVEs Like This One

CVE-2025-24201 · Same product: Debian Debian Linux
CVE-2024-45782 · Same vendor: Gnu
CVE-2026-5435 · Same product: Gnu Glibc
CVE-2025-27363 · Same product: Debian Debian Linux
CVE-2026-25506 · Same product: Debian Debian Linux
CVE-2026-25061 · Same product: Debian Debian Linux
CVE-2025-30464 · Same vendor: Apple
CVE-2026-20616 · Same vendor: Apple
CVE-2025-24273 · Same vendor: Apple
CVE-2024-54522 · Same vendor: Apple

Affected Assets

Vendor | Product | Affected versions
gnu | glibc | 2.0 — 2.18
oracle | communications application session controller | ≤ 3.7.1
oracle | communications eagle application processor | 16.0
oracle | communications eagle lnp application processor | 10.0
oracle | communications lsms | 13.1
oracle | communications policy management | 10.4.1, 11.5, 12.1.1, 9.7.3, 9.9.1
oracle | communications session border controller | 7.2.0, 8.0.0 · ≤ 7.2.0
oracle | communications user data repository | 10.0.0 — 10.0.1
oracle | communications webrtc session controller | 7.0, 7.1, 7.2
oracle | exalogic infrastructure | 1.0, 2.0
+8 more product configuration(s) — see NVD for full list

Mitigating Controls

Likely Mitigating Controls (AI)

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-787

Out-of-bounds writes that corrupt control flow or inject shellcode are rendered non-executable by the same memory protections.
