Vulnerability identifier: #VU27336
Vulnerability risk: Medium
Exploitation vector: Network
Exploit availability: No
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing an invalid name length in a DNS response in __dn_expand function in network/dn_expand.c in musl libc. A remote attacker can perform a denial of service attack or execute arbitrary code on the target system.
Install update from vendor's website.
Vulnerable software versions
musl libc: 0.9.13, 0.9.14, 0.9.15, 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.1.0, 1.1.1
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.