oss-sec mailing list archives
CVE request: musl libc 1.1.16 and earlier dns buffer overflow
From: Rich Felker <dalias () libc org>
Date: Thu, 19 Oct 2017 16:17:57 -0400
Felix Wilhelm has discovered a flaw in the dns response parsing for musl libc 1.1.16 that leads to overflow of a stack-based buffer. Earlier versions are also affected. When an application makes a request via getaddrinfo for both IPv4 and IPv6 results (AF_UNSPEC), an attacker who controls or can spoof the nameservers configured in resolv.conf can reply to both the A and AAAA queries with A results. Since A records are smaller than AAAA records, it's possible to fit more addresses than the precomputed bound, and a buffer overflow occurs. Users are advised to upgrade to 1.1.17 or patch; the patch is simple and should apply cleanly to all recent versions: https://git.musl-libc.org/cgit/musl/patch/?id=45ca5d3fcb6f874bf5ba55d0e9651cef68515395 Users who cannot patch or upgrade immediately can mitigate the issue by running a caching nameserver on localhost and pointing resolv.conf to 127.0.0.1. Rich
Current thread:
- CVE request: musl libc 1.1.16 and earlier dns buffer overflow Rich Felker (Oct 19)
- Re: CVE request: musl libc 1.1.16 and earlier dns buffer overflow Rich Felker (Oct 19)