MidnightBSD

Advisories for musl-libc

CVE-2014-3484 HIGH

Multiple stack-based buffer overflows in the __dn_expand function in network/dn_expand.c in musl libc 1.1x before 1.1.2 and 0.9.13 through 1.0.3 allow remote attackers to (1) have unspecified impact via an invalid name length in a DNS response or (2) cause a denial of service (crash) via an invalid name length in a DNS response, related to an infinite loop with no output.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
musl-libc musl *
CVE-2015-1817 HIGH

Stack-based buffer overflow in the inet_pton function in network/inet_pton.c in musl libc 0.9.15 through 1.0.4, and 1.1.0 through 1.1.7 allows attackers to have unspecified impact via unknown vectors.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
musl-libc musl 1.0.0
musl-libc musl 1.1.3
musl-libc musl 0.9.15
musl-libc musl 1.1.0
musl-libc musl 1.0.2
musl-libc musl 1.0.1
musl-libc musl 1.1.4
musl-libc musl 1.1.7
musl-libc musl 1.0.3
musl-libc musl 1.0.4
musl-libc musl 1.1.1
musl-libc musl 1.1.5
musl-libc musl 1.1.6
musl-libc musl 1.1.2
CVE-2017-15650 MEDIUM

musl libc before 1.1.17 has a buffer overflow via crafted DNS replies because dns_parse_callback in network/lookup_name.c does not restrict the number of addresses, and thus an attacker can provide an unexpected number by sending A records in a reply to an AAAA query.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
musl-libc musl *
CVE-2019-14697 HIGH

musl libc through 1.1.23 has an x87 floating-point stack adjustment imbalance, related to the math/i386/ directory. In some cases, use of this library could introduce out-of-bounds writes that are not present in an application's source code.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
musl-libc musl *
CVE-2020-28928 LOW

In musl libc through 1.2.1, wcsnrtombs mishandles particular combinations of destination buffer size and source character limit, as demonstrated by an invalid write access (buffer overflow).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-787,

Products Affected

Vendor Product Version
musl-libc musl *
fedoraproject fedora 33
debian debian_linux 9.0
oracle graalvm 21.1.0
oracle graalvm 20.3.2
fedoraproject fedora 34
CVE-2025-26519

musl libc 0.9.13 through 1.2.5 before 1.2.6 has an out-of-bounds write vulnerability when an attacker can trigger iconv conversion of untrusted EUC-KR text to UTF-8.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 8.1 HIGH CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L 1.4 6.0

Products Affected

Vendor Product Version
musl-libc musl *