Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Thu, 19 Oct 2017 16:17:57 -0400
From: Rich Felker <>
Cc: Felix Wilhelm <>,
Subject: CVE request: musl libc 1.1.16 and earlier dns buffer overflow

Felix Wilhelm has discovered a flaw in the dns response parsing for
musl libc 1.1.16 that leads to overflow of a stack-based buffer.
Earlier versions are also affected.

When an application makes a request via getaddrinfo for both IPv4 and
IPv6 results (AF_UNSPEC), an attacker who controls or can spoof the
nameservers configured in resolv.conf can reply to both the A and AAAA
queries with A results. Since A records are smaller than AAAA records,
it's possible to fit more addresses than the precomputed bound, and a
buffer overflow occurs.

Users are advised to upgrade to 1.1.17 or patch; the patch is simple
and should apply cleanly to all recent versions:

Users who cannot patch or upgrade immediately can mitigate the issue
by running a caching nameserver on localhost and pointing resolv.conf


Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ