Vol. 1 · Ed. 2026
CyberGlossary
Entry № 492

GHOST Vulnerability (CVE-2015-0235)

Reviewed by Cybersecurity entrepreneur & security researcher

What is GHOST Vulnerability (CVE-2015-0235)?

GHOST Vulnerability (CVE-2015-0235): A 2015 heap buffer overflow in the GNU C Library (glibc) gethostbyname functions that could be triggered remotely to execute arbitrary code on Linux systems.


GHOST (CVE-2015-0235) is a heap-based buffer overflow in the __nss_hostname_digits_dots() helper used by gethostbyname() and gethostbyname2() in glibc 2.2 through 2.17. By passing a carefully crafted hostname-like string (long, numeric, with dots), an attacker can overwrite four to eight bytes on the heap. Qualys demonstrated remote code execution against the Exim mail server in 2015; many other applications were technically exploitable but harder to weaponise. The bug had been fixed upstream in May 2013 but was not classified as a security issue, so many long-term-support distributions remained vulnerable. Defences: update glibc to a patched version (2.18+) and reboot or restart affected services so that running processes load the fixed library; prefer getaddrinfo() over gethostbyname() in new code.
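
The getaddrinfo() recommendation above, sketched in C as an added example (not code from glibc, Qualys or Exim): the hypothetical helper resolve_first() bounds untrusted input before it reaches the resolver and can restrict it to IP literals. The 253-byte limit and the RESOLVE_* return codes are assumptions of this example.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* getaddrinfo(), getnameinfo(), strnlen() */
#endif
#include <netdb.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>

#define MAX_HOST_LEN 253   /* assumed cap: longest DNS name in text form */
enum { RESOLVE_OK = 0, RESOLVE_REJECTED = 1, RESOLVE_FAILED = 2 };

/* Hypothetical helper: write the first address of `host` into `out` as text.
 * With numeric_only set, only IP literals are accepted and no DNS/NSS
 * lookup is made. */
int resolve_first(const char *host, int numeric_only, char *out, size_t outlen)
{
    struct addrinfo hints, *res = NULL;
    size_t len;
    int rc;

    if (host == NULL || out == NULL || outlen == 0)
        return RESOLVE_REJECTED;
    /* Bound untrusted input before it reaches the resolver. */
    len = strnlen(host, MAX_HOST_LEN + 1);
    if (len == 0 || len > MAX_HOST_LEN)
        return RESOLVE_REJECTED;

    memset(&hints, 0, sizeof hints);
    hints.ai_family = AF_UNSPEC;          /* IPv4 or IPv6 */
    hints.ai_socktype = SOCK_STREAM;
    hints.ai_flags = numeric_only ? AI_NUMERICHOST : 0;

    /* getaddrinfo() is reentrant and returns a heap-allocated list freed
     * with freeaddrinfo(), unlike gethostbyname()'s shared static result. */
    if (getaddrinfo(host, NULL, &hints, &res) != 0 || res == NULL)
        return RESOLVE_FAILED;
    rc = getnameinfo(res->ai_addr, res->ai_addrlen, out, (socklen_t)outlen,
                     NULL, 0, NI_NUMERICHOST);
    freeaddrinfo(res);
    return rc == 0 ? RESOLVE_OK : RESOLVE_FAILED;
}

int main(void)
{
    char buf[64];
    int rc = resolve_first("127.0.0.1", 1, buf, sizeof buf);
    printf("rc=%d addr=%s\n", rc, rc == RESOLVE_OK ? buf : "-");
    return 0;
}
```

Changing the API in application code does not repair a vulnerable glibc; the library update remains the fix.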

Examples

  1. Exploiting the Exim SMTP server with a long HELO argument to gain remote code execution via GHOST.

  2. Mass patching of Linux servers in early 2015 after Qualys's GHOST advisory.

Frequently asked questions

What is GHOST Vulnerability (CVE-2015-0235)?

A 2015 heap buffer overflow in the GNU C Library (glibc) gethostbyname functions that could be triggered remotely to execute arbitrary code on Linux systems. It belongs to the Vulnerabilities category of cybersecurity.

What does GHOST Vulnerability (CVE-2015-0235) mean?

A 2015 heap buffer overflow in the GNU C Library (glibc) gethostbyname functions that could be triggered remotely to execute arbitrary code on Linux systems.

How do you defend against GHOST Vulnerability (CVE-2015-0235)?

Defences for GHOST Vulnerability (CVE-2015-0235) typically combine technical controls and operational practices, as detailed in the full definition above.

What are other names for GHOST Vulnerability (CVE-2015-0235)?

Common alternative names include: CVE-2015-0235, glibc gethostbyname overflow.
