High severity7.5NVD Advisory· Published Oct 19, 2017· Updated May 13, 2026

CVE-2017-15650

Description

musl libc before 1.1.17 has a buffer overflow via crafted DNS replies because dns_parse_callback in network/lookup_name.c does not restrict the number of addresses, and thus an attacker can provide an unexpected number by sending A records in a reply to an AAAA query.

Affected products

Musl Libc/Musl
cpe:2.3:a:musl-libc:musl:*:*:*:*:*:*:*:*
Range: <=1.1.6

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

git.musl-libc.org/cgit/musl/commit/nvdVendor Advisory
git.musl-libc.org/cgit/musl/tree/WHATSNEWnvdVendor Advisory
openwall.com/lists/oss-security/2017/10/19/5nvdMailing ListMitigationThird Party Advisory

News mentions

No linked articles in our index yet.

cvss	0.488
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000