Total: 5 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
---|---|---|---|---|---|---|
CVE-2020-28928 | 4 Debian, Fedoraproject, Musl-libc and 1 more | 4 Debian Linux, Fedora, Musl and 1 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM | In musl libc through 1.2.1, wcsnrtombs mishandles particular combinations of destination buffer size and source character limit, as demonstrated by an invalid write access (buffer overflow). |
CVE-2019-14697 | 1 Musl-libc | 1 Musl | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | musl libc through 1.1.23 has an x87 floating-point stack adjustment imbalance, related to the math/i386/ directory. In some cases, use of this library could introduce out-of-bounds writes that are not present in an application's source code. |
CVE-2017-15650 | 1 Musl-libc | 1 Musl | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | musl libc before 1.1.17 has a buffer overflow via crafted DNS replies because dns_parse_callback in network/lookup_name.c does not restrict the number of addresses, and thus an attacker can provide an unexpected number by sending A records in a reply to an AAAA query. |
CVE-2015-1817 | 1 Musl-libc | 1 Musl | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | Stack-based buffer overflow in the inet_pton function in network/inet_pton.c in musl libc 0.9.15 through 1.0.4, and 1.1.0 through 1.1.7 allows attackers to have unspecified impact via unknown vectors. |
CVE-2014-3484 | 1 Musl-libc | 1 Musl | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | Multiple stack-based buffer overflows in the __dn_expand function in network/dn_expand.c in musl libc 1.1x before 1.1.2 and 0.9.13 through 1.0.3 allow remote attackers to (1) have unspecified impact via an invalid name length in a DNS response or (2) cause a denial of service (crash) via an invalid name length in a DNS response, related to an infinite loop with no output. |