musl libc before 1.1.17 has a buffer overflow via crafted DNS replies because dnsparsecallback in network/lookup_name.c does not restrict the number of addresses, and thus an attacker can provide an unexpected number by sending A records in a reply to an AAAA query.
{ "binaries": [ { "binary_name": "musl", "binary_version": "1.1.9-1ubuntu0.1~esm2" }, { "binary_name": "musl-dev", "binary_version": "1.1.9-1ubuntu0.1~esm2" }, { "binary_name": "musl-tools", "binary_version": "1.1.9-1ubuntu0.1~esm2" } ], "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro" }