{"id":"CVE-2017-15650","details":"musl libc before 1.1.17 has a buffer overflow via crafted DNS replies because dns_parse_callback in network/lookup_name.c does not restrict the number of addresses, and thus an attacker can provide an unexpected number by sending A records in a reply to an AAAA query.","modified":"2026-04-11T04:38:13.273156Z","published":"2017-10-19T23:29:00.407Z","references":[{"type":"ADVISORY","url":"http://git.musl-libc.org/cgit/musl/tree/WHATSNEW"},{"type":"ADVISORY","url":"http://openwall.com/lists/oss-security/2017/10/19/5"},{"type":"ADVISORY","url":"http://git.musl-libc.org/cgit/musl/commit/?id=45ca5d3fcb6f874bf5ba55d0e9651cef68515395"}],"affected":[{"ranges":[{"type":"GIT","repo":"http://git.musl-libc.org/git/musl","events":[{"introduced":"0"},{"last_affected":"996d148bf14b477b07fa3691bffeb930c67b2b62"},{"fixed":"45ca5d3fcb6f874bf5ba55d0e9651cef68515395"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.1.6"}]}}],"versions":["v0.5.0","v0.5.9","v0.6.0","v0.7.0","v0.7.1","v0.7.10","v0.7.11","v0.7.12","v0.7.5","v0.7.6","v0.7.7","v0.7.8","v0.7.9","v0.8.0","v0.8.1","v0.8.10","v0.8.2","v0.8.3","v0.8.4","v0.8.5","v0.8.6","v0.8.7","v0.8.8","v0.8.9","v0.9.0","v0.9.1","v0.9.10","v0.9.11","v0.9.12","v0.9.13","v0.9.14","v0.9.15","v0.9.2","v0.9.3","v0.9.4","v0.9.5","v0.9.6","v0.9.7","v0.9.8","v0.9.9","v1.0.0","v1.1.0","v1.1.1","v1.1.10","v1.1.11","v1.1.12","v1.1.13","v1.1.14","v1.1.15","v1.1.16","v1.1.2","v1.1.3","v1.1.4","v1.1.5","v1.1.6","v1.1.7","v1.1.8","v1.1.9"],"database_specific":{"vanir_signatures":[{"id":"CVE-2017-15650-0c40b056","deprecated":false,"target":{"file":"src/network/lookup_name.c"},"signature_type":"Line","source":"http://git.musl-libc.org/git/musl@45ca5d3fcb6f874bf5ba55d0e9651cef68515395","signature_version":"v1","digest":{"line_hashes":["19105209796768762262057181071667862774","337813073784692095994138226666901462849","55846828187015184318840200573767133364","76903974613516892053616754843570385638"],"threshold":0.9}},{"id":"CVE-2017-15650-82c2c8f5","deprecated":false,"target":{"file":"src/network/lookup_name.c","function":"dns_parse_callback"},"signature_type":"Function","source":"http://git.musl-libc.org/git/musl@45ca5d3fcb6f874bf5ba55d0e9651cef68515395","signature_version":"v1","digest":{"function_hash":"65063592785737742352495545225918919199","length":789}}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-15650.json","vanir_signatures_modified":"2026-04-11T04:38:13Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}