Musl-Libc: >> Musl >> 0.9.12 Security Vulnerabilities
In musl libc through 1.2.1, wcsnrtombs mishandles particular combinations of destination buffer size and source character limit, as demonstrated by an invalid write access (buffer overflow).
CVSS Score
5.5
EPSS Score
0.0
Published
2020-11-24
musl libc through 1.1.23 has an x87 floating-point stack adjustment imbalance, related to the math/i386/ directory. In some cases, use of this library could introduce out-of-bounds writes that are not present in an application's source code.
CVSS Score
9.8
EPSS Score
0.002
Published
2019-08-06
musl libc before 1.1.17 has a buffer overflow via crafted DNS replies because dns_parse_callback in network/lookup_name.c does not restrict the number of addresses, and thus an attacker can provide an unexpected number by sending A records in a reply to an AAAA query.
CVSS Score
7.5
EPSS Score
0.006
Published
2017-10-19