CVE-2017-15650

musl libc before 1.1.17 has a buffer overflow via crafted DNS replies because dns_parse_callback in network/lookup_name.c does not restrict the number of addresses, and thus an attacker can provide an unexpected number by sending A records in a reply to an AAAA query.
Configurations

Configuration 1 (hide)

cpe:2.3:a:musl-libc:musl:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2017-10-19 23:29

Updated : 2024-02-04 19:29


NVD link : CVE-2017-15650

Mitre link : CVE-2017-15650

CVE.ORG link : CVE-2017-15650


JSON object : View

Products Affected

musl-libc

  • musl
CWE
CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer