CVE-2017-15650: Buffer Overflow
Published Oct 19, 2017 · Last updated 24 July 2024
musl libc before 1.1.17 has a buffer overflow via crafted DNS replies because dns_parse_callback in network/lookup_name.c does not restrict the number of addresses, and thus an attacker can provide an unexpected number by sending A records in a reply to an AAAA query.
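As an added illustration (not musl's code and not from this page), here is a simplified C model of a per-record callback that stores addresses in a fixed array, with the count restriction the description says was missing. The names `record_cb`, `lookup_ctx`, `feed_reply` and the capacity of 8 are assumptions made for the sketch.

```c
#include <stdio.h>
#include <string.h>

#define RR_A     1    /* DNS record type: IPv4 address */
#define RR_AAAA  28   /* DNS record type: IPv6 address */
#define MAXADDRS 8    /* assumed capacity for this sketch */

struct addr { int family; unsigned char bytes[16]; };
struct lookup_ctx { struct addr addrs[MAXADDRS]; int cnt; };

/* Called once per answer record, for the A reply and the AAAA reply alike.
 * Returns 0 to keep parsing, -1 to stop. */
static int record_cb(struct lookup_ctx *ctx, int rr,
                     const unsigned char *data, int len)
{
    struct addr a = { 0, {0} };
    /* The restriction: never write past the fixed array, whatever
     * mix of record types the replies turn out to contain. */
    if (ctx->cnt >= MAXADDRS) return -1;
    if (rr == RR_A && len == 4) a.family = 4;
    else if (rr == RR_AAAA && len == 16) a.family = 6;
    else return 0;    /* other types or bad lengths are skipped */
    memcpy(a.bytes, data, (size_t)len);
    ctx->addrs[ctx->cnt++] = a;
    return 0;
}

/* Constructed input: one reply carrying n identical records of type rr.
 * Returns how many of them were stored. */
static int feed_reply(struct lookup_ctx *ctx, int rr, int n)
{
    static const unsigned char rdata[16] = {192, 0, 2, 1};
    int before = ctx->cnt, len = (rr == RR_A) ? 4 : 16;
    for (int i = 0; i < n; i++)
        if (record_cb(ctx, rr, rdata, len) < 0) break;
    return ctx->cnt - before;
}

int main(void)
{
    struct lookup_ctx ctx = {0};
    int a = feed_reply(&ctx, RR_A, 6);   /* reply to the A query */
    int b = feed_reply(&ctx, RR_A, 6);   /* A records in the AAAA reply */
    printf("stored %d + %d, cnt=%d (cap %d)\n", a, b, ctx.cnt, MAXADDRS);
    return 0;
}
```

Because the check runs before any write, the callback stays within the array regardless of which query a reply answers or which record types it carries.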
Affected Software
2 affected components · Fixes available
debian/musl
1.2.2-1, 1.2.3-1, 1.2.5-1.1
Musl-libc Musl <=1.1.6
Event History
Oct 19, 2017
CVE Published
via MITRE·11:00 PM
Data Sourced
via MITRE·11:00 PM
Description
Aug 5, 2024
Data Sourced
via Launchpad·12:41 PM
Description
Sep 14, 2024
Data Sourced
via Ubuntu·12:45 PM
Remedy, Description, Severity, Affected Software
Frequently Asked Questions
1. What is the severity of CVE-2017-15650?
CVE-2017-15650 is classified as a medium severity vulnerability due to the potential for a buffer overflow.
2. How do I fix CVE-2017-15650?
To mitigate CVE-2017-15650, update musl libc to version 1.1.17 or later.
3. What software is affected by CVE-2017-15650?
CVE-2017-15650 affects musl libc versions prior to 1.1.17, including earlier versions such as 1.1.6.
4. What type of vulnerability is CVE-2017-15650?
CVE-2017-15650 is a buffer overflow vulnerability related to DNS parsing.
5. Can CVE-2017-15650 be exploited remotely?
Yes, CVE-2017-15650 can be exploited remotely through crafted DNS replies.