Palo Alto Networks Security Advisories / CVE-2015-7547

CVE-2015-7547 Glibc DNS Resolver Vulnerability


047910
Severity 8.1 · HIGH
Attack Vector NETWORK
Scope UNCHANGED
Attack Complexity HIGH
Confidentiality Impact HIGH
Privileges Required NONE
Integrity Impact HIGH
User Interaction NONE
Availability Impact HIGH
CVE JSON CSAF
Published 2016-08-15
Updated 2016-08-15
Reference 91886, PAN-SA-2016-0021

Description

A vulnerability in the GNU libc (glibc) DNS resolver allows remote code execution (CVE-2015-7547). However, this issue can be exploited only from a DNS server that is under the control of an attacker. (Ref # 91886).

This glibc issue is only exploitable by an attacker controlling the DNS server configured for the device. Furthermore, the attacker must overcome additional anti-exploitation mitigations, such as ASLR, to mount a successful attack.

This issue affects PAN-OS 5.0.19 and earlier; PAN-OS 5.1.12 and earlier; PAN-OS 6.0.14 and earlier; PAN-OS 6.1.12 and earlier; PAN-OS 7.0.7 and earlier; PAN-OS 7.1.3 and earlier

Product Status

VersionsAffectedUnaffected
PAN-OS 7.1<= 7.1.3>= 7.1.4
PAN-OS 7.0<= 7.0.7>= 7.0.8
PAN-OS 6.1<= 6.1.12>= 6.1.13
PAN-OS 6.0<= 6.0.14>= 6.0.15
PAN-OS 5.1<= 5.1.12>= 5.1.13
PAN-OS 5.0<= 5.0.19>= 5.0.20

Severity: HIGH

CVSSv3.0 Base Score: 8.1 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)

Weakness Type

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

Solution

PAN-OS 5.0.20 and later; PAN-OS 5.1.13 and later; PAN-OS 6.0.15 and later; PAN-OS 6.1.13 and later; PAN-OS 7.0.8 and later; PAN-OS 7.1.4 and later

Workarounds and Mitigations

This vulnerability can affect PAN-OS software only when the device is configured with a DNS server that is under the control of an attacker. Palo Alto Networks discourages configuring the device with untrusted DNS servers.

Terms of usePrivacyProduct Security Assurance and Vulnerability Disclosure PolicyReport vulnerabilitiesManage subscriptions
© 2025 Palo Alto Networks, Inc. All rights reserved.