Vulnerabilities > CVE-2014-3484 - Out-of-bounds Write vulnerability in Musl-Libc Musl

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

musl-libc

CWE-787

critical

NVD

Published: 2020-02-20

Updated: 2020-02-28

Summary

Multiple stack-based buffer overflows in the __dn_expand function in network/dn_expand.c in musl libc 1.1x before 1.1.2 and 0.9.13 through 1.0.3 allow remote attackers to (1) have unspecified impact via an invalid name length in a DNS response or (2) cause a denial of service (crash) via an invalid name length in a DNS response, related to an infinite loop with no output.

Vulnerable Configurations

Part	Description	Count
Application	Musl-Libc Musl Libc Musl 1.1.0 Musl Libc Musl 1.1.1 Musl Libc Musl 0.9.13 Musl Libc Musl 0.9.14 Musl Libc Musl 0.9.15 Musl Libc Musl 1.0.0 Musl Libc Musl 1.0.1 Musl Libc Musl 1.0.2 Musl Libc Musl 1.0.3	11

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References