Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
In uClibc and uClibc-ng before 1.0.39, incorrect handling of special characters in domain names returned by DNS servers via gethostbyname, getaddrinfo, gethostbyaddr, and getnameinfo can lead to output of wrong hostnames (leading to domain hijacking) or injection into applications (leading to remote code execution, XSS, applications crashes, etc.). In other words, a validation step, which is expected in any stub resolver, does not occur.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
uclibc-ng 跨站脚本漏洞
Vulnerability Description
uclibc-ng是一个应用系统。用于Linux的小型C库。 uClibc 和 uClibc-ng 1.0.39 之前的版本中存在安全漏洞,该漏洞源于 DNS 服务器通过 gethostbyname、getaddrinfo、gethostbyaddr 和 getnameinfo 返回的域名中的特殊字符处理不当,导致输出错误的主机名(导致域劫持)或注入应用程序(导致远程代码执行、XSS、应用程序崩溃等)。
CVSS Information
N/A
Vulnerability Type
N/A