Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
archlinuxArchLinuxASA-201710-28
HistoryOct 21, 2017 - 12:00 a.m.

[ASA-201710-28] musl: arbitrary code execution

2017-10-2100:00:00
security.archlinux.org
10

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.004 Low

EPSS

Percentile

73.6%

JSON

Arch Linux Security Advisory ASA-201710-28

Severity: Critical
Date : 2017-10-21
CVE-ID : CVE-2017-15650
Package : musl
Type : arbitrary code execution
Remote : Yes
Link : https://security.archlinux.org/AVG-457

Summary

The package musl before version 1.1.17-1 is vulnerable to arbitrary
code execution.

Resolution

Upgrade to 1.1.17-1.

pacman -Syu “musl>=1.1.17-1”

The problem has been fixed upstream in version 1.1.17.

Workaround

Using a local, trusted DNS resolver mitigates the issue.

Description

A stack-based buffer overflow has been found in the DNS response
parsing code of musl libc <= 1.1.16. When an application makes a
request via getaddrinfo for both IPv4 and IPv6 results (AF_UNSPEC), an
attacker who controls or can spoof the nameservers configured in
resolv.conf can reply to both the A and AAAA queries with A results.
Since A records are smaller than AAAA records, it’s possible to fit
more addresses than the precomputed bound, and a buffer overflow
occurs.

Impact

A remote attacker who controls or can spoof the nameservers configured
in resolv.conf can execute arbitrary code on the affected host.

References

http://seclists.org/oss-sec/2017/q4/107
https://git.musl-libc.org/cgit/musl/commit/?id=45ca5d3fcb6f874bf5ba55d0e9651cef68515395
https://security.archlinux.org/CVE-2017-15650

OSVersionArchitecturePackageVersionFilename
ArchLinuxanyanymusl< 1.1.17-1UNKNOWN

Related

veracode 1
osv 2
ubuntucve 1
cve 1
alpinelinux 1
prion 1
debiancve 1
nessus 1
openvas 1
ubuntu 1
ibm 1
veracode
veracode
Denial Of Service (DoS)
2020-05-10 23:23:59
osv
osv
CVE-2017-15650
2017-10-19 23:29:00
musl vulnerabilities
2021-03-15 20:10:13
ubuntucve
ubuntucve
CVE-2017-15650
2017-10-19 00:00:00
cve
cve
CVE-2017-15650
2017-10-19 23:29:00
alpinelinux
alpinelinux
CVE-2017-15650
2017-10-19 23:29:00
prion
prion
Buffer overflow
2017-10-19 23:29:00
debiancve
debiancve
CVE-2017-15650
2017-10-19 23:29:00
nessus
nessus
Ubuntu 16.04 ESM : musl vulnerabilities (USN-4768-1)
2023-10-20 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-4768-1)
2023-01-27 00:00:00
ubuntu
ubuntu
musl vulnerabilities
2021-03-15 00:00:00
ibm
ibm
Security Bulletin: Multiple Security Vulnerabilities affect IBM® Cloud Private
2018-07-20 18:56:04

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.004 Low

EPSS

Percentile

73.6%

JSON
Related for ASA-201710-28
veracode1osv2ubuntucve1cve1alpinelinux1prion1debiancve1nessus1openvas1ubuntu1ibm1