edgeNEXUS Security Advisory for glibc Vulnerability (CVE-2015-0235) aka GHOSTS

Marlow, UK – 29 January 2015  A vulnerability has recently been disclosed in the glibc “gethostbyname()” function. This issue could potentially allow an attacker to inject code into a process that calls the vulnerable function. The issue is known as the GHOST vulnerability and has been assigned the following CVE identifier:


We can confirm that edgeNEXUS software contains vulnerable versions of glibc. We are continuing to monitor the situation with respect to potential exploits, however our current position is that we do not see a way to remotely exploit this vulnerability, and as such consider this a low risk.