Lucene search

[email protected]CVE-2017-15650

HistoryOct 19, 2017 - 11:29 p.m.

CVE-2017-15650

2017-10-1923:29:00

CWE-119

[email protected]

web.nvd.nist.gov

cve-2017-15650

musl libc

buffer overflow

dns

nvd

security vulnerability

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.6 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.004 Low

EPSS

Percentile

73.6%

JSON

musl libc before 1.1.17 has a buffer overflow via crafted DNS replies because dns_parse_callback in network/lookup_name.c does not restrict the number of addresses, and thus an attacker can provide an unexpected number by sending A records in a reply to an AAAA query.

CPENameOperatorVersion
musl-libc:muslmusl-libc muslle1.1.6

CPE	Name	Operator	Version
musl-libc:musl	musl-libc musl	le	1.1.6

References

git.musl-libc.org/cgit/musl/commit/?id=45ca5d3fcb6f874bf5ba55d0e9651cef68515395

git.musl-libc.org/cgit/musl/tree/WHATSNEW

openwall.com/lists/oss-security/2017/10/19/5

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.6 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.004 Low

EPSS

Percentile

73.6%

JSON

Related for CVE-2017-15650

veracode1 osv2 ubuntucve1 alpinelinux1 prion1 archlinux1 debiancve1 nessus1 ubuntu1 ibm1