Search for packages
| purl | pkg:deb/ubuntu/musl@1.1.16-3 |
| Next non-vulnerable version | 1.1.23-2build1 |
| Latest non-vulnerable version | 1.1.23-2build1 |
| Risk | 10.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-gpw2-43be-aaag
Aliases: CVE-2016-8859 |
Multiple integer overflows in the TRE library and musl libc allow attackers to cause memory corruption via a large number of (1) states or (2) tags, which triggers an out-of-bounds write. |
Affected by 1 other vulnerability. |
|
VCID-kppj-ay2n-aaap
Aliases: CVE-2019-14697 |
musl libc through 1.1.23 has an x87 floating-point stack adjustment imbalance, related to the math/i386/ directory. In some cases, use of this library could introduce out-of-bounds writes that are not present in an application's source code. |
Affected by 0 other vulnerabilities. |
|
VCID-svkm-2b47-aaaq
Aliases: CVE-2017-15650 |
musl libc before 1.1.17 has a buffer overflow via crafted DNS replies because dns_parse_callback in network/lookup_name.c does not restrict the number of addresses, and thus an attacker can provide an unexpected number by sending A records in a reply to an AAAA query. |
Affected by 2 other vulnerabilities. |
|
VCID-z25y-bsee-aaac
Aliases: CVE-2018-1000001 |
In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can be used to write before the destination buffer leading to a buffer underflow and potential code execution. |
Affected by 2 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|