PT-2017-4088 · Musl · Musl Libc

Felix Wilhelm · Published 2017-10-18 · Updated 2024-10-17 · CVE-2017-15650

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions: musl libc versions prior to 1.1.17

Description: The issue is related to a buffer overflow in the dns_parse_callback function in network/lookup_name.c, which does not restrict the number of addresses. This allows an attacker to provide an unexpected number of addresses by sending A records in a reply to an AAAA query, potentially leading to a denial of service.

Recommendations: For musl libc versions prior to 1.1.17, update to version 1.1.17 or later to resolve the issue.

Exploit

Fix

Buffer Overflow

Weakness Enumeration

Related Identifiers

ALT-PU-2024-13885
BDU:2021-01447
CVE-2017-15650
USN-4768-1

Affected Products

Alt Linux
Ubuntu
Musl Libc