Musl Libc

musl-libc

6 CVEs • 1 product

Products (1)

Click to collapse

Toggle

CVEs (6)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-26519 1Musl Libc 1Musl Dec 10, 2025 Feb 14, 2025 N/A· v4 7.0 HIGH· v3 N/A· v2 musl libc 0.9.13 through 1.2.5 before 1.2.6 has an out-of-bounds write vulnerability when an attacker can trigger iconv conversion of untrusted EUC-KR text to UTF-8.
CVE-2020-28928 4Debian FedoraprojectMusl Libc+1 more 4Debian Linux FedoraGraalvm+1 more Nov 21, 2024 Nov 24, 2020 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 In musl libc through 1.2.1, wcsnrtombs mishandles particular combinations of destination buffer size and source character limit, as demonstrated by an invalid write access (buffer overflow).
CVE-2014-3484 1Musl Libc 1Musl Nov 21, 2024 Feb 20, 2020 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Multiple stack-based buffer overflows in the __dn_expand function in network/dn_expand.c in musl libc 1.1x before 1.1.2 and 0.9.13 through 1.0.3 allow remote attackers to (1) have unspecified impact via an invalid name l...Show more Multiple stack-based buffer overflows in the __dn_expand function in network/dn_expand.c in musl libc 1.1x before 1.1.2 and 0.9.13 through 1.0.3 allow remote attackers to (1) have unspecified impact via an invalid name length in a DNS response or (2) cause a denial of service (crash) via an invalid name length in a DNS response, related to an infinite loop with no output.Show less
CVE-2019-14697 1Musl Libc 1Musl Nov 21, 2024 Aug 6, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 musl libc through 1.1.23 has an x87 floating-point stack adjustment imbalance, related to the math/i386/ directory. In some cases, use of this library could introduce out-of-bounds writes that are not present in an appli...Show more musl libc through 1.1.23 has an x87 floating-point stack adjustment imbalance, related to the math/i386/ directory. In some cases, use of this library could introduce out-of-bounds writes that are not present in an application's source code.Show less
CVE-2017-15650 1Musl Libc 1Musl May 13, 2026 Oct 19, 2017 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 musl libc before 1.1.17 has a buffer overflow via crafted DNS replies because dns_parse_callback in network/lookup_name.c does not restrict the number of addresses, and thus an attacker can provide an unexpected number b...Show more musl libc before 1.1.17 has a buffer overflow via crafted DNS replies because dns_parse_callback in network/lookup_name.c does not restrict the number of addresses, and thus an attacker can provide an unexpected number by sending A records in a reply to an AAAA query.Show less
CVE-2015-1817 1Musl Libc 1Musl May 13, 2026 Aug 18, 2017 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Stack-based buffer overflow in the inet_pton function in network/inet_pton.c in musl libc 0.9.15 through 1.0.4, and 1.1.0 through 1.1.7 allows attackers to have unspecified impact via unknown vectors.