VDB
GCVE-110-MAGEIA-2014-262
GCVE-110-MAGEIA-2014-262
Advisory Published
Updated musl package fixes security vulnerability:
A remote stack-based buffer overflow has been found in musl libc's dns
response parsing code. The overflow can be triggered in programs linked
against musl libc and making dns queries via one of the standard interfaces
(getaddrinfo, getnameinfo, gethostbyname, gethostbyaddr, etc.) if one of the
configured nameservers in resolv.conf is controlled by an attacker, or if an
attacker can inject forged udp packets with control over their contents.
Denial of service is also possible via a related failure in loop detection
(CVE-2014-3484).
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Mageia | musl | 0 (affected), 0.9.14-2.1.mga4 (unaffected) | — |
Aliases
References
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.