CVE-2014-3484

Published: Feb 20, 2020

Modified: Aug 6, 2024

PUBLISHED

Description

Multiple stack-based buffer overflows in the __dn_expand function in network/dn_expand.c in musl libc 1.1x before 1.1.2 and 0.9.13 through 1.0.3 allow remote attackers to (1) have unspecified impact via an invalid name length in a DNS response or (2) cause a denial of service (crash) via an invalid name length in a DNS response, related to an infinite loop with no output.

Vendor	Product	Versions
n/a	musl libc	affected `1.1x before 1.1.2` affected `0.9.13 through 1.0.3`

References

http://seclists.org/oss-sec/2014/q2/495

x_refsource_MISC

http://git.musl-libc.org/cgit/musl/commit/?id=b3d9e0b94ea73c68ef4169ec82c898ce59a4e30a

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2014-3484

Description

Affected Products

References