Skip to main content

Home GHOST bug


(also GHOST vulnerability)

GHOST bug definition

The GHOST bug is a vulnerability in the GNU C library (glibc) that allows attackers to induce a buffer overflow on Linux devices. The buffer overflow can be used to force the victim’s device to perform a wide range of actions. The GHOST bug affects glibc library.functions 'gethostbyname()' and 'gethostbyname2()' that are used to resolve domain names to their IP addresses.

The GHOST bug should not be confused with “ghost glitches” (also sometimes called “ghost bugs”) — user-reported software problems that cannot be easily reproduced by programmers.

History of the GHOST bug

The GHOST bug was first identified by the security firm Qualys in 2015, when its researchers found that the “__nss_hostname_digits_dots()” function could cause a buffer overflow. The term “GHOST” in “GHOST bug” was a reference to the “GetHOST” family of functions that trigger the vulnerability.

Stopping the GHOST bug

  • The affected library was patched in 2013, before the vulnerability was discovered. The GHOST bug does not affect new Linux devices.
  • Older Linux devices should update their glibc to eliminate the GHOST bug.
  • Linux distributions have also produced security patches for potentially affected devices shortly after the discovery of the GHOST bug. If you are using a pre-2013 Linux device, visit your Linux distribution’s website and download the latest security patch.