VYPR
Vendor

Musl Libc

Products: 2
CVEs: 7
Across products: 10
Status: Private

Recent CVEs (7)
  • CVE-2014-3484 | Critical | Feb 20, 2020
    risk 0.64 | cvss 9.8 | epss 0.02

    Multiple stack-based buffer overflows in the __dn_expand function in network/dn_expand.c in musl libc 1.1x before 1.1.2 and 0.9.13 through 1.0.3 allow remote attackers to (1) have unspecified impact via an invalid name length in a DNS response or (2) cause a denial of service…

  • CVE-2015-1817 | Critical | Aug 18, 2017
    risk 0.64 | cvss 9.8 | epss 0.02

    Stack-based buffer overflow in the inet_pton function in network/inet_pton.c in musl libc 0.9.15 through 1.0.4, and 1.1.0 through 1.1.7 allows attackers to have unspecified impact via unknown vectors.

  • CVE-2016-8859 | Critical | Feb 13, 2017
    risk 0.64 | cvss 9.8 | epss 0.03

    Multiple integer overflows in the TRE library and musl libc allow attackers to cause memory corruption via a large number of (1) states or (2) tags, which triggers an out-of-bounds write.

  • CVE-2017-15650 | High | Oct 19, 2017
    risk 0.49 | cvss 7.5 | epss 0.02

    musl libc before 1.1.17 has a buffer overflow via crafted DNS replies because dns_parse_callback in network/lookup_name.c does not restrict the number of addresses, and thus an attacker can provide an unexpected number by sending A records in a reply to an AAAA query.

  • CVE-2020-28928 | Medium | Nov 24, 2020
    risk 0.36 | cvss 5.5 | epss 0.01

    In musl libc through 1.2.1, wcsnrtombs mishandles particular combinations of destination buffer size and source character limit, as demonstrated by an invalid write access (buffer overflow).

  • CVE-2025-26519 | Feb 14, 2025
    risk 0.00 | cvss n/a | epss 0.00

    musl libc 0.9.13 through 1.2.5 before 1.2.6 has an out-of-bounds write vulnerability when an attacker can trigger iconv conversion of untrusted EUC-KR text to UTF-8.

  • CVE-2012-2114 | Aug 31, 2012
    risk 0.00 | cvss n/a | epss 0.02

    Stack-based buffer overflow in fprintf in musl before 0.8.8 and earlier allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string to an unbuffered stream such as stderr.