musl libc before 1.1.17 has a buffer overflow via crafted DNS replies because dnsparsecallback in network/lookup_name.c does not restrict the number of addresses, and thus an attacker can provide an unexpected number by sending A records in a reply to an AAAA query.
{
"unresolved_ranges": [
{
"cpes": [
"cpe:2.3:a:musl-libc:musl:*:*:*:*:*:*:*:*"
],
"extracted_events": [
{
"last_affected": "1.1.6"
}
],
"source": "CPE_RANGE",
"vendor_product": "musl-libc:musl"
},
{
"extracted_events": [
{
"fixed": "1.1.17"
}
],
"source": "DESCRIPTION"
}
]
}"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-15650.json"
[
{
"digest": {
"length": 789.0,
"function_hash": "65063592785737742352495545225918919199"
},
"signature_type": "Function",
"target": {
"file": "src/network/lookup_name.c",
"function": "dns_parse_callback"
},
"signature_version": "v1",
"id": "CVE-2017-15650-9cf6b4d8",
"deprecated": false,
"source": "https://git.musl-libc.org/git/musl@45ca5d3fcb6f874bf5ba55d0e9651cef68515395"
},
{
"digest": {
"line_hashes": [
"19105209796768762262057181071667862774",
"337813073784692095994138226666901462849",
"55846828187015184318840200573767133364",
"76903974613516892053616754843570385638"
],
"threshold": 0.9
},
"signature_type": "Line",
"target": {
"file": "src/network/lookup_name.c"
},
"signature_version": "v1",
"id": "CVE-2017-15650-b9f7d064",
"deprecated": false,
"source": "https://git.musl-libc.org/git/musl@45ca5d3fcb6f874bf5ba55d0e9651cef68515395"
}
]
"2026-07-07T17:01:07Z"