CVE-2017-15650 - OpenCVE

musl libc before 1.1.17 has a buffer overflow via crafted DNS replies because dns_parse_callback in network/lookup_name.c does not restrict the number of addresses, and thus an attacker can provide an unexpected number by sending A records in a reply to an AAAA query.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Musl-libc	Musl

Configuration 1 [-]

cpe:2.3:a:musl-libc:musl:*:*:*:*:*:*:*:*

References

Link	Resource
http://git.musl-libc.org/cgit/musl/commit/?id=45ca5d3fcb6f874bf5ba55d0e9651cef68515395	Vendor Advisory
http://git.musl-libc.org/cgit/musl/tree/WHATSNEW	Vendor Advisory
http://openwall.com/lists/oss-security/2017/10/19/5	Mailing List Mitigation Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2017-10-19T23:00:00

Updated: 2017-10-19T23:57:01

Reserved: 2017-10-19T00:00:00

Link: CVE-2017-15650

JSON object: View

NVD Information

Status : Analyzed

Published: 2017-10-19T23:29:00.407

Modified: 2017-11-08T16:21:30.357

Link: CVE-2017-15650

JSON object: View

Redhat Information

No data.

CWE

CWE-119

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2017-10-19T00:00:00", "descriptions": [{"lang": "en", "value": "musl libc before 1.1.17 has a buffer overflow via crafted DNS replies because dns_parse_callback in network/lookup_name.c does not restrict the number of addresses, and thus an attacker can provide an unexpected number by sending A records in a reply to an AAAA query."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-10-19T23:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://git.musl-libc.org/cgit/musl/commit/?id=45ca5d3fcb6f874bf5ba55d0e9651cef68515395"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://git.musl-libc.org/cgit/musl/tree/WHATSNEW"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://openwall.com/lists/oss-security/2017/10/19/5"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-15650", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "musl libc before 1.1.17 has a buffer overflow via crafted DNS replies because dns_parse_callback in network/lookup_name.c does not restrict the number of addresses, and thus an attacker can provide an unexpected number by sending A records in a reply to an AAAA query."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://git.musl-libc.org/cgit/musl/commit/?id=45ca5d3fcb6f874bf5ba55d0e9651cef68515395", "refsource": "CONFIRM", "url": "http://git.musl-libc.org/cgit/musl/commit/?id=45ca5d3fcb6f874bf5ba55d0e9651cef68515395"}, {"name": "http://git.musl-libc.org/cgit/musl/tree/WHATSNEW", "refsource": "CONFIRM", "url": "http://git.musl-libc.org/cgit/musl/tree/WHATSNEW"}, {"name": "http://openwall.com/lists/oss-security/2017/10/19/5", "refsource": "CONFIRM", "url": "http://openwall.com/lists/oss-security/2017/10/19/5"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-15650", "datePublished": "2017-10-19T23:00:00", "dateReserved": "2017-10-19T00:00:00", "dateUpdated": "2017-10-19T23:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:musl-libc:musl:*:*:*:*:*:*:*:*", "matchCriteriaId": "34F11B91-B1D7-4E6F-B275-FBF4E04AA7FC", "versionEndIncluding": "1.1.6", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "musl libc before 1.1.17 has a buffer overflow via crafted DNS replies because dns_parse_callback in network/lookup_name.c does not restrict the number of addresses, and thus an attacker can provide an unexpected number by sending A records in a reply to an AAAA query."}, {"lang": "es", "value": "musl libc, en versiones anteriores a la 1.1.17, tiene un desbordamiento de b\u00fafer mediante respuestas DNS manipuladas, debido a que dns_parse_callback en network/lookup_name.c no restringe el n\u00famero de direcciones y, por lo tanto, un atacante puede proporcionar un n\u00famero inesperado enviando registros A en una respuesta a una consulta AAAA."}], "id": "CVE-2017-15650", "lastModified": "2017-11-08T16:21:30.357", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-10-19T23:29:00.407", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://git.musl-libc.org/cgit/musl/commit/?id=45ca5d3fcb6f874bf5ba55d0e9651cef68515395"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://git.musl-libc.org/cgit/musl/tree/WHATSNEW"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Mitigation", "Third Party Advisory"], "url": "http://openwall.com/lists/oss-security/2017/10/19/5"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}