CVE-2014-3484

Severity Score

9.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Multiple stack-based buffer overflows in the __dn_expand function in network/dn_expand.c in musl libc 1.1x before 1.1.2 and 0.9.13 through 1.0.3 allow remote attackers to (1) have unspecified impact via an invalid name length in a DNS response or (2) cause a denial of service (crash) via an invalid name length in a DNS response, related to an infinite loop with no output.

Múltiples desbordamientos de búfer en la región stack de la memoria en la función __dn_expand en el archivo network/dn_expand.c en musl libc versiones 1.1x anteriores a 1.1.2 y versiones 0.9.13 anteriores a 1.0.3, permiten a atacantes remotos (1) tener un impacto no especificado por medio de una longitud de nombre no válida en una respuesta DNS o (2) causar una denegación de servicio (bloqueo) por medio de una longitud de nombre no válida en una respuesta DNS, relacionada con un bucle infinito sin salida.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2014-05-14 CVE Reserved
2020-02-20 CVE Published
2023-10-19 EPSS Updated
2024-08-06 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-787: Out-of-bounds Write

CAPEC

References (2)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC
http://git.musl-libc.org/cgit/musl/commit/?id=b3d9e0b94ea73c68ef4169ec82c898ce59a4e30a	2020-02-28
http://seclists.org/oss-sec/2014/q2/495	2020-02-28

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Musl-libc Search vendor "Musl-libc"		Musl Search vendor "Musl-libc" for product "Musl"				>= 0.9.13 <= 1.0.3 Search vendor "Musl-libc" for product "Musl" and version " >= 0.9.13 <= 1.0.3"		-		Affected
Musl-libc Search vendor "Musl-libc"		Musl Search vendor "Musl-libc" for product "Musl"				>= 1.1.0 < 1.1.2 Search vendor "Musl-libc" for product "Musl" and version " >= 1.1.0 < 1.1.2"		-		Affected