Lucene search

Veracode Vulnerability DatabaseVERACODE:25285

HistoryMay 10, 2020 - 11:23 p.m.

Denial Of Service (DoS)

2020-05-1023:23:59

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

JSON

musl is vulnerable to denial of service. A buffer overflow in the dns_parse_callback in network/lookup_name.c allows an attacker to crash the application via malicious DNS replies due to an unrestricted number of A record replies to an AAAA query.

CPENameOperatorVersion
musl:3.4eq1.1.14-r15
musl:3.3eq1.1.12-r7
musl:3.2eq1.1.11-r4
musl:3.4eq1.1.14-r15
musl:3.3eq1.1.12-r7
musl:3.2eq1.1.11-r4

Name	Operator	Version
musl:3.4	eq	1.1.14-r15
musl:3.3	eq	1.1.12-r7
musl:3.2	eq	1.1.11-r4
musl:3.4	eq	1.1.14-r15
musl:3.3	eq	1.1.12-r7
musl:3.2	eq	1.1.11-r4

References

git.musl-libc.org/cgit/musl/commit/?id=45ca5d3fcb6f874bf5ba55d0e9651cef68515395

git.musl-libc.org/cgit/musl/tree/WHATSNEW

openwall.com/lists/oss-security/2017/10/19/5

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

JSON

Related for VERACODE:25285