(also GHOST vulnerability)
The GHOST bug is a vulnerability in the GNU C library (glibc) that allows attackers to induce a buffer overflow on Linux devices. The buffer overflow can be used to force the victim’s device to perform a wide range of actions. The GHOST bug affects the glibc library functions ‘gethostbyname()’ and ‘gethostbyname2()’, which are used to resolve domain names to their IP addresses.
The GHOST bug should not be confused with “ghost glitches” (also sometimes called “ghost bugs”) — user-reported software problems that cannot be easily reproduced by programmers.
The GHOST bug was first identified by the security firm Qualys in 2015, when its researchers found that the “__nss_hostname_digits_dots()” function could cause a buffer overflow. The term “GHOST” in “GHOST bug” was a reference to the “GetHOST” family of functions that trigger the vulnerability.
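As an added example (not code from Qualys or from glibc), the following source-audit sketch lists the places where C code calls the two functions named above, skipping comments and string literals so that mere mentions are not reported. The names find_calls and SAMPLE, and the sample source itself, are constructed for illustration.

```python
import re

# Single left-to-right pass over C source. Comments and literals are matched
# first, so an affected name that appears inside them is never reported.
_TOKEN = re.compile(
    r"""
    (?P<skip>
        /\*.*?\*/                 # block comment
      | //[^\n]*                  # line comment
      | "(?:\\.|[^"\\\n])*"       # string literal
      | '(?:\\.|[^'\\\n])*'       # character literal
    )
  | (?P<call>\b(?:gethostbyname2|gethostbyname)\b)(?=\s*\()
    """,
    re.VERBOSE | re.DOTALL,
)


def find_calls(source):
    """Return (line_number, function_name) for each direct call found."""
    hits = []
    for match in _TOKEN.finditer(source):
        name = match.group("call")
        if name:
            line = source.count("\n", 0, match.start()) + 1
            hits.append((line, name))
    return hits


# Constructed sample input: two real calls, plus mentions in a comment,
# in a string literal, and in an unrelated identifier.
SAMPLE = r'''
#include <netdb.h>
/* old code used gethostbyname(name) here */
struct hostent *a(const char *n) { return gethostbyname(n); }
struct hostent *b(const char *n) { return gethostbyname2 (n, AF_INET); }
const char *msg = "call gethostbyname(\"x\") // not code";
int c(void) { return my_gethostbyname("x"); }  // gethostbyname2(x)
'''

if __name__ == "__main__":
    for line, name in find_calls(SAMPLE):
        print(f"line {line}: call to {name}()")
```

The scan only sees direct calls in source text; it does not inspect compiled binaries or calls made through function pointers.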