Lucene search

Musl-libc Security Vulnerabilities

cve

CVE-2014-3484

Multiple stack-based buffer overflows in the __dn_expand function in network/dn_expand.c in musl libc 1.1x before 1.1.2 and 0.9.13 through 1.0.3 allow remote attackers to (1) have unspecified impact via an invalid name length in a DNS response or (2) cause a denial of service (crash) via an invalid...

9.8CVSS

9.5AI Score

0.004EPSS

2020-02-20 04:15 AM

cve

CVE-2015-1817

Stack-based buffer overflow in the inet_pton function in network/inet_pton.c in musl libc 0.9.15 through 1.0.4, and 1.1.0 through 1.1.7 allows attackers to have unspecified impact via unknown vectors.

9.8CVSS

9.8AI Score

0.002EPSS

2017-08-18 04:29 PM

cve

CVE-2017-15650

musl libc before 1.1.17 has a buffer overflow via crafted DNS replies because dns_parse_callback in network/lookup_name.c does not restrict the number of addresses, and thus an attacker can provide an unexpected number by sending A records in a reply to an AAAA query.

7.5CVSS

7.6AI Score

0.004EPSS

2017-10-19 11:29 PM

cve

CVE-2019-14697

musl libc through 1.1.23 has an x87 floating-point stack adjustment imbalance, related to the math/i386/ directory. In some cases, use of this library could introduce out-of-bounds writes that are not present in an application's source code.

9.8CVSS

9.2AI Score

0.005EPSS

2019-08-06 04:15 PM

cve

CVE-2020-28928

In musl libc through 1.2.1, wcsnrtombs mishandles particular combinations of destination buffer size and source character limit, as demonstrated by an invalid write access (buffer overflow).

5.5CVSS

5.8AI Score

0.001EPSS

2020-11-24 06:15 PM