Vulnerability Description
Multiple stack-based buffer overflows in the __dn_expand function in network/dn_expand.c in musl libc 1.1.x before 1.1.2 and 0.9.13 through 1.0.3 allow remote attackers to (1) have unspecified impact via an invalid name length in a DNS response or (2) cause a denial of service (crash) via an invalid name length in a DNS response, related to an infinite loop with no output.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Musl-Libc | Musl | >= 0.9.13, <= 1.0.3 |
Related Weaknesses (CWE)
References
- http://git.musl-libc.org/cgit/musl/commit/?id=b3d9e0b94ea73c68ef4169ec82c898ce59 (Patch)
- http://seclists.org/oss-sec/2014/q2/495 (Mailing List, Patch, Third Party Advisory)
FAQ
What is CVE-2014-3484?
CVE-2014-3484 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Multiple stack-based buffer overflows in the __dn_expand function in network/dn_expand.c in musl libc 1.1.x before 1.1.2 and 0.9.13 through 1.0.3 allow remote attackers to (1) have unspecified impact v...
How severe is CVE-2014-3484?
CVE-2014-3484 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2014-3484?
Check the references section above for vendor advisories and patch information. Affected products include: Musl-Libc Musl.