Описание
Multiple stack-based buffer overflows in the __dn_expand function in network/dn_expand.c in musl libc 1.1x before 1.1.2 and 0.9.13 through 1.0.3 allow remote attackers to (1) have unspecified impact via an invalid name length in a DNS response or (2) cause a denial of service (crash) via an invalid name length in a DNS response, related to an infinite loop with no output.
| Релиз | Статус | Примечание |
|---|---|---|
| artful | not-affected | 1.1.4-1 |
| bionic | not-affected | 1.1.4-1 |
| cosmic | not-affected | 1.1.4-1 |
| devel | not-affected | 1.1.4-1 |
| disco | not-affected | 1.1.4-1 |
| esm-apps/bionic | not-affected | 1.1.4-1 |
| esm-apps/xenial | not-affected | 1.1.4-1 |
| esm-infra-legacy/trusty | released | 0.9.15-1ubuntu0.1~esm1 |
| lucid | DNE | |
| precise | DNE |
Показывать по
EPSS
7.5 High
CVSS2
9.8 Critical
CVSS3
Связанные уязвимости
Multiple stack-based buffer overflows in the __dn_expand function in network/dn_expand.c in musl libc 1.1x before 1.1.2 and 0.9.13 through 1.0.3 allow remote attackers to (1) have unspecified impact via an invalid name length in a DNS response or (2) cause a denial of service (crash) via an invalid name length in a DNS response, related to an infinite loop with no output.
Multiple stack-based buffer overflows in the __dn_expand function in n ...
Multiple stack-based buffer overflows in the __dn_expand function in network/dn_expand.c in musl libc 1.1x before 1.1.2 and 0.9.13 through 1.0.3 allow remote attackers to (1) have unspecified impact via an invalid name length in a DNS response or (2) cause a denial of service (crash) via an invalid name length in a DNS response, related to an infinite loop with no output.
EPSS
7.5 High
CVSS2
9.8 Critical
CVSS3