VYPR

musl libc

by Musl Libc

CVEs (5)

  • CVE-2015-1817CriAug 18, 2017
    risk 0.64cvss 9.8epss 0.02

    Stack-based buffer overflow in the inet_pton function in network/inet_pton.c in musl libc 0.9.15 through 1.0.4, and 1.1.0 through 1.1.7 allows attackers to have unspecified impact via unknown vectors.

  • CVE-2016-8859CriFeb 13, 2017
    risk 0.64cvss 9.8epss 0.03

    Multiple integer overflows in the TRE library and musl libc allow attackers to cause memory corruption via a large number of (1) states or (2) tags, which triggers an out-of-bounds write.

  • CVE-2017-15650HigOct 19, 2017
    risk 0.49cvss 7.5epss 0.02

    musl libc before 1.1.17 has a buffer overflow via crafted DNS replies because dns_parse_callback in network/lookup_name.c does not restrict the number of addresses, and thus an attacker can provide an unexpected number by sending A records in a reply to an AAAA query.

  • CVE-2020-28928Nov 24, 2020
    risk 0.00cvss epss 0.01

    In musl libc through 1.2.1, wcsnrtombs mishandles particular combinations of destination buffer size and source character limit, as demonstrated by an invalid write access (buffer overflow).

  • CVE-2014-3484Feb 20, 2020
    risk 0.00cvss epss 0.02

    Multiple stack-based buffer overflows in the __dn_expand function in network/dn_expand.c in musl libc 1.1x before 1.1.2 and 0.9.13 through 1.0.3 allow remote attackers to (1) have unspecified impact via an invalid name length in a DNS response or (2) cause a denial of service…