CVE-2017-15650Improper Restriction of Operations within the Bounds of a Memory Buffer in Musl

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer6 documents6 sources
Severity
7.5HIGHNVD
EPSS
0.6%
top 29.67%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Musl-libc Musl
Timeline
PublishedOct 19
Latest updateMay 17

Description

musl libc before 1.1.17 has a buffer overflow via crafted DNS replies because dns_parse_callback in network/lookup_name.c does not restrict the number of addresses, and thus an attacker can provide an unexpected number by sending A records in a reply to an AAAA query.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

Debianmusl-libc/musl< 1.1.17-1+3
NVDmusl-libc/musl1.1.6

🔴Vulnerability Details

3
GHSA
GHSA-p2mj-x9rf-q85j: musl libc before 12022-05-17
CVEList
CVE-2017-15650: musl libc before 12017-10-19
OSV
CVE-2017-15650: musl libc before 12017-10-19

📋Vendor Advisories

2
Ubuntu
musl vulnerabilities2021-03-15
Debian
CVE-2017-15650: musl - musl libc before 1.1.17 has a buffer overflow via crafted DNS replies because dn...2017
CVE-2017-15650 — Musl-libc Musl vulnerability | cvebase