PT-2020-7650 · Musl Libc+1

Rich Felker · Published 2014-06-18 · Updated 2021-03-15 · CVE-2014-3484

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

musl libc versions 0.9.13 through 1.0.3
musl libc versions 1.1.x before 1.1.2

Description

The issue is related to multiple stack-based buffer overflows in the dn_expand function, which can be triggered by an invalid name length in a DNS response. This can allow remote attackers to have an unspecified impact or cause a denial of service (crash), related to an infinite loop with no output.

Recommendations

For musl libc versions 0.9.13 through 1.0.3, update to version 1.0.4 or later. For musl libc versions 1.1.x before 1.1.2, update to version 1.1.2 or later. As a temporary workaround, consider restricting the use of the dn_expand function in the network/dn_expand.c file until a patch is available.
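
The checks a DNS name decoder needs against the two failure modes named in the description (a length from the response that exceeds the output buffer, and a loop that never terminates), as an added example that is not musl's code or its patch. The function name `safe_dn_expand` and the sample byte arrays are hypothetical and constructed; the label and pointer encoding follows RFC 1035.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical hardened decoder for RFC 1035 names; not musl's code.
 * Writes a NUL-terminated dotted name to dst; returns its length or -1. */
int safe_dn_expand(const unsigned char *msg, size_t msglen, size_t off,
                   char *dst, size_t dstlen)
{
    size_t out = 0, hops = 0;

    if (dstlen == 0) return -1;
    for (;;) {
        if (off >= msglen) return -1;             /* reads stay inside the message */
        unsigned len = msg[off];
        if (len == 0) break;                      /* root label ends the name */
        if ((len & 0xC0) == 0xC0) {               /* compression pointer */
            if (off + 1 >= msglen) return -1;
            if (++hops > msglen / 2) return -1;   /* bounded hops: no pointer loops */
            off = ((len & 0x3F) << 8) | msg[off + 1];
            continue;
        }
        if (len & 0xC0) return -1;                /* reserved label types */
        if (len > msglen - off - 1) return -1;    /* label must fit in the message */
        size_t need = len + (out ? 1 : 0);        /* label plus separating dot */
        if (need >= dstlen - out) return -1;      /* keep one byte for the NUL */
        if (out) dst[out++] = '.';
        memcpy(dst + out, msg + off + 1, len);
        out += len;
        off += len + 1;
    }
    dst[out] = '\0';
    return (int)out;
}

/* Constructed sample messages (not captured traffic). */
static const unsigned char good_msg[] = {
    3,'w','w','w', 7,'e','x','a','m','p','l','e', 3,'c','o','m', 0,
    0xC0, 4 };  /* offset 17: pointer to the label at offset 4 */
static const unsigned char loop_msg[] = { 0xC0, 0 };        /* points at itself */
static const unsigned char short_msg[] = { 63, 'a', 'b' };  /* length overruns */

int main(void)
{
    char buf[64];
    printf("%d\n", safe_dn_expand(good_msg, sizeof good_msg, 17, buf, sizeof buf));
    printf("%d\n", safe_dn_expand(loop_msg, sizeof loop_msg, 0, buf, sizeof buf));
    printf("%d\n", safe_dn_expand(short_msg, sizeof short_msg, 0, buf, sizeof buf));
    return 0;
}
```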

Exploit

Fix

DoS

Memory Corruption

Weakness Enumeration

Related Identifiers

CVE-2014-3484
MGASA-2014-0262
USN-4768-1

Affected Products

Ubuntu
Musl Libc