CVE-2014-3484

Name	CVE-2014-3484
Description	Multiple stack-based buffer overflows in the __dn_expand function in network/dn_expand.c in musl libc 1.1x before 1.1.2 and 0.9.13 through 1.0.3 allow remote attackers to (1) have unspecified impact via an invalid name length in a DNS response or (2) cause a denial of service (crash) via an invalid name length in a DNS response, related to an infinite loop with no output.
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs	750815

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
musl (PTS)	bullseye	1.2.2-1	fixed
	bookworm	1.2.3-1	fixed
	sid, trixie	1.2.5-1.1	fixed

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Urgency	Origin	Debian Bugs
musl	source	(unstable)	1.1.4-1			750815