CVE-2014-3484
Published: 20 February 2020
Multiple stack-based buffer overflows in the __dn_expand function in network/dn_expand.c in musl libc 1.1x before 1.1.2 and 0.9.13 through 1.0.3 allow remote attackers to (1) have unspecified impact via an invalid name length in a DNS response or (2) cause a denial of service (crash) via an invalid name length in a DNS response, related to an infinite loop with no output.
From the Ubuntu Security Team
It was discovered that musl did not properly handle the parsing of DNS response codes. An remote attacker could use this vulnerability to cause resource consumption (infinite loop), denial of service, or possibly execute arbitrary code.
Priority
Status
Package | Release | Status |
---|---|---|
musl Launchpad, Ubuntu, Debian |
artful |
Not vulnerable
(1.1.4-1)
|
bionic |
Not vulnerable
(1.1.4-1)
|
|
cosmic |
Not vulnerable
(1.1.4-1)
|
|
disco |
Not vulnerable
(1.1.4-1)
|
|
lucid |
Does not exist
|
|
precise |
Does not exist
|
|
saucy |
Does not exist
|
|
trusty |
Released
(0.9.15-1ubuntu0.1~esm1)
Available with Ubuntu Pro or Ubuntu Pro (Infra-only) |
|
upstream |
Released
(1.0.3 and 1.1.2)
|
|
utopic |
Ignored
(end of life)
|
|
vivid |
Not vulnerable
(1.1.4-1)
|
|
wily |
Not vulnerable
(1.1.4-1)
|
|
xenial |
Not vulnerable
(1.1.4-1)
|
|
yakkety |
Not vulnerable
(1.1.4-1)
|
|
zesty |
Not vulnerable
(1.1.4-1)
|
|
Patches: upstream: http://git.musl-libc.org/cgit/musl/commit/?id=b3d9e0b94ea73c68ef4169ec82c898ce59a4e30a |
Severity score breakdown
Parameter | Value |
---|---|
Base score | 9.8 |
Attack vector | Network |
Attack complexity | Low |
Privileges required | None |
User interaction | None |
Scope | Unchanged |
Confidentiality | High |
Integrity impact | High |
Availability impact | High |
Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |