CVE-2017-15650 - OpenCVE

musl libc before 1.1.17 has a buffer overflow via crafted DNS replies because dns_parse_callback in network/lookup_name.c does not restrict the number of addresses, and thus an attacker can provide an unexpected number by sending A records in a reply to an AAAA query.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Musl-libc	Musl

Configuration 1 [-]

cpe:2.3:a:musl-libc:musl:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://git.musl-libc.org/cgit/musl/commit/?id=45ca5d3fcb6f874bf5ba55d0e9651cef68515395
http://git.musl-libc.org/cgit/musl/tree/WHATSNEW
http://openwall.com/lists/oss-security/2017/10/19/5

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2017-10-19T23:00:00

Updated: 2024-08-05T19:57:27.531Z

Reserved: 2017-10-19T00:00:00

Link: CVE-2017-15650

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2017-10-19T23:29:00.407

Modified: 2017-11-08T16:21:30.357

Link: CVE-2017-15650

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2017-10-19T00:00:00", "descriptions": [{"lang": "en", "value": "musl libc before 1.1.17 has a buffer overflow via crafted DNS replies because dns_parse_callback in network/lookup_name.c does not restrict the number of addresses, and thus an attacker can provide an unexpected number by sending A records in a reply to an AAAA query."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-10-19T23:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://git.musl-libc.org/cgit/musl/commit/?id=45ca5d3fcb6f874bf5ba55d0e9651cef68515395"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://git.musl-libc.org/cgit/musl/tree/WHATSNEW"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://openwall.com/lists/oss-security/2017/10/19/5"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-15650", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "musl libc before 1.1.17 has a buffer overflow via crafted DNS replies because dns_parse_callback in network/lookup_name.c does not restrict the number of addresses, and thus an attacker can provide an unexpected number by sending A records in a reply to an AAAA query."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://git.musl-libc.org/cgit/musl/commit/?id=45ca5d3fcb6f874bf5ba55d0e9651cef68515395", "refsource": "CONFIRM", "url": "http://git.musl-libc.org/cgit/musl/commit/?id=45ca5d3fcb6f874bf5ba55d0e9651cef68515395"}, {"name": "http://git.musl-libc.org/cgit/musl/tree/WHATSNEW", "refsource": "CONFIRM", "url": "http://git.musl-libc.org/cgit/musl/tree/WHATSNEW"}, {"name": "http://openwall.com/lists/oss-security/2017/10/19/5", "refsource": "CONFIRM", "url": "http://openwall.com/lists/oss-security/2017/10/19/5"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T19:57:27.531Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://git.musl-libc.org/cgit/musl/commit/?id=45ca5d3fcb6f874bf5ba55d0e9651cef68515395"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://git.musl-libc.org/cgit/musl/tree/WHATSNEW"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2017/10/19/5"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-15650", "datePublished": "2017-10-19T23:00:00", "dateReserved": "2017-10-19T00:00:00", "dateUpdated": "2024-08-05T19:57:27.531Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:musl-libc:musl:*:*:*:*:*:*:*:*", "matchCriteriaId": "34F11B91-B1D7-4E6F-B275-FBF4E04AA7FC", "versionEndIncluding": "1.1.6", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "musl libc before 1.1.17 has a buffer overflow via crafted DNS replies because dns_parse_callback in network/lookup_name.c does not restrict the number of addresses, and thus an attacker can provide an unexpected number by sending A records in a reply to an AAAA query."}, {"lang": "es", "value": "musl libc, en versiones anteriores a la 1.1.17, tiene un desbordamiento de b\u00fafer mediante respuestas DNS manipuladas, debido a que dns_parse_callback en network/lookup_name.c no restringe el n\u00famero de direcciones y, por lo tanto, un atacante puede proporcionar un n\u00famero inesperado enviando registros A en una respuesta a una consulta AAAA."}], "id": "CVE-2017-15650", "lastModified": "2017-11-08T16:21:30.357", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-10-19T23:29:00.407", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://git.musl-libc.org/cgit/musl/commit/?id=45ca5d3fcb6f874bf5ba55d0e9651cef68515395"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://git.musl-libc.org/cgit/musl/tree/WHATSNEW"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Mitigation", "Third Party Advisory"], "url": "http://openwall.com/lists/oss-security/2017/10/19/5"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}