Vulnerabilities (CVE)

Filtered by vendor Musl-libc Subscribe
Filtered by product Musl
Total 5 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-15650 1 Musl-libc 1 Musl 2024-11-21 5.0 MEDIUM 7.5 HIGH
musl libc before 1.1.17 has a buffer overflow via crafted DNS replies because dns_parse_callback in network/lookup_name.c does not restrict the number of addresses, and thus an attacker can provide an unexpected number by sending A records in a reply to an AAAA query.
CVE-2015-1817 1 Musl-libc 1 Musl 2024-11-21 7.5 HIGH 9.8 CRITICAL
Stack-based buffer overflow in the inet_pton function in network/inet_pton.c in musl libc 0.9.15 through 1.0.4, and 1.1.0 through 1.1.7 allows attackers to have unspecified impact via unknown vectors.
CVE-2020-28928 4 Debian, Fedoraproject, Musl-libc and 1 more 4 Debian Linux, Fedora, Musl and 1 more 2024-02-04 2.1 LOW 5.5 MEDIUM
In musl libc through 1.2.1, wcsnrtombs mishandles particular combinations of destination buffer size and source character limit, as demonstrated by an invalid write access (buffer overflow).
CVE-2014-3484 1 Musl-libc 1 Musl 2024-02-04 7.5 HIGH 9.8 CRITICAL
Multiple stack-based buffer overflows in the __dn_expand function in network/dn_expand.c in musl libc 1.1x before 1.1.2 and 0.9.13 through 1.0.3 allow remote attackers to (1) have unspecified impact via an invalid name length in a DNS response or (2) cause a denial of service (crash) via an invalid name length in a DNS response, related to an infinite loop with no output.
CVE-2019-14697 1 Musl-libc 1 Musl 2024-02-04 7.5 HIGH 9.8 CRITICAL
musl libc through 1.1.23 has an x87 floating-point stack adjustment imbalance, related to the math/i386/ directory. In some cases, use of this library could introduce out-of-bounds writes that are not present in an application's source code.