CVE-2017-15650

Published: 19/10/2017 Updated: 08/11/2017

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

musl libc prior to 1.1.17 has a buffer overflow via crafted DNS replies because dns_parse_callback in network/lookup_name.c does not restrict the number of addresses, and thus an attacker can provide an unexpected number by sending A records in a reply to an AAAA query.

Vulnerable Product	Search on Vulmon	Subscribe to Product
musl-libc musl

A stack-based buffer overflow has been found in the DNS response parsing code of musl libc <= 1116 When an application makes a request via getaddrinfo for both IPv4 and IPv6 results (AF_UNSPEC), an attacker who controls or can spoof the nameservers configured in resolvconf can reply to both the A and AAAA queries with A results Since A reco ...

Checks a given docker image against alpine-secdb

Alpine scan A simple tool to compare a given docker image against the alpine-secdb which is Alpine's official source of security updates Dependencies ruby bundler git (used to clone alpine-secdb) an internet connection (used to clone alpine-secdb) Usage $ bundle install $ docker pull library/alpine:latest latest: Pulling from library/alpine b56ae66c2937: Pulling fs lay

CWE-119 http://openwall.com/lists/oss-security/2017/10/19/5 http://git.musl-libc.org/cgit/musl/tree/WHATSNEW http://git.musl-libc.org/cgit/musl/commit/?id=45ca5d3fcb6f874bf5ba55d0e9651cef68515395 https://nvd.nist.gov https://github.com/heathd/alpine-scan https://security.archlinux.org/CVE-2017-15650

CVE-2017-15650

Vulnerability Summary

Vendor Advisories

Github Repositories

References

Vulmon Search

About

Products

Connect