CVE-2014-3484
CRITICALmusl 0.9.13-1.0.3 - Stack-Based Buffer Overflow in DNS Response Handling
Title source: llmDescription
Multiple stack-based buffer overflows in the __dn_expand function in network/dn_expand.c in musl libc 1.1x before 1.1.2 and 0.9.13 through 1.0.3 allow remote attackers to (1) have unspecified impact via an invalid name length in a DNS response or (2) cause a denial of service (crash) via an invalid name length in a DNS response, related to an infinite loop with no output.
References (2)
Core 2
Core References
Mailing List, Patch, Third Party Advisory x_refsource_misc
http://seclists.org/oss-sec/2014/q2/495
Patch x_refsource_misc
http://git.musl-libc.org/cgit/musl/commit/?id=b3d9e0b94ea73c68ef4169ec82c898ce59a4e30a
Scores
CVSS v3
9.8
EPSS
0.0220
EPSS Percentile
80.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-787
Status
published
Products (1)
musl-libc/musl
0.9.13 - 1.0.3
Published
Feb 20, 2020
Tracked Since
Feb 18, 2026