Vulnerabilities > Musl Libc
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-11-24 | CVE-2020-28928 | Out-of-bounds Write vulnerability in multiple products In musl libc through 1.2.1, wcsnrtombs mishandles particular combinations of destination buffer size and source character limit, as demonstrated by an invalid write access (buffer overflow). | 5.5 |
| 2020-02-20 | CVE-2014-3484 | Out-of-bounds Write vulnerability in Musl-Libc Musl Multiple stack-based buffer overflows in the __dn_expand function in network/dn_expand.c in musl libc 1.1x before 1.1.2 and 0.9.13 through 1.0.3 allow remote attackers to (1) have unspecified impact via an invalid name length in a DNS response or (2) cause a denial of service (crash) via an invalid name length in a DNS response, related to an infinite loop with no output. | 9.8 |
| 2019-08-06 | CVE-2019-14697 | Out-of-bounds Write vulnerability in Musl-Libc Musl musl libc through 1.1.23 has an x87 floating-point stack adjustment imbalance, related to the math/i386/ directory. | 9.8 |
| 2017-10-19 | CVE-2017-15650 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Musl-Libc Musl musl libc before 1.1.17 has a buffer overflow via crafted DNS replies because dns_parse_callback in network/lookup_name.c does not restrict the number of addresses, and thus an attacker can provide an unexpected number by sending A records in a reply to an AAAA query. | 7.5 |
| 2017-08-18 | CVE-2015-1817 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Musl-Libc Musl Stack-based buffer overflow in the inet_pton function in network/inet_pton.c in musl libc 0.9.15 through 1.0.4, and 1.1.0 through 1.1.7 allows attackers to have unspecified impact via unknown vectors. | 9.8 |