{"id":"MGASA-2014-0262","summary":"Updated musl package fixes CVE-2014-3484","details":"Updated musl package fixes security vulnerability:\n\nA remote stack-based buffer overflow has been found in musl libc's dns\nresponse parsing code. The overflow can be triggered in programs linked\nagainst musl libc and making dns queries via one of the standard interfaces\n(getaddrinfo, getnameinfo, gethostbyname, gethostbyaddr, etc.) if one of the\nconfigured nameservers in resolv.conf is controlled by an attacker, or if an\nattacker can inject forged udp packets with control over their contents.\nDenial of service is also possible via a related failure in loop detection\n(CVE-2014-3484).\n","modified":"2026-04-16T06:25:36.844660046Z","published":"2014-06-18T17:55:16Z","upstream":["CVE-2014-3484"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2014-0262.html"},{"type":"WEB","url":"http://seclists.org/oss-sec/2014/q2/495"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=13499"}],"affected":[{"package":{"name":"musl","ecosystem":"Mageia:4","purl":"pkg:rpm/mageia/musl?arch=source&distro=mageia-4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.9.14-2.1.mga4"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2014-0262.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}