Every CVE whose affected-product data names Musl-libc Musl, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (6)
CVE-2014-3484 — CVSS 9.8 (critical): Multiple stack-based buffer overflows in the __dn_expand function in network/dn_expand.c in musl libc 1.1x before 1.1.2 and 0.9.13 through…
CVE-2015-1817 — CVSS 9.8 (critical): Stack-based buffer overflow in the inet_pton function in network/inet_pton.c in musl libc 0.9.15 through 1.0.4, and 1.1.0 through 1.1.7…
CVE-2019-14697 — CVSS 9.8 (critical): musl libc through 1.1.23 has an x87 floating-point stack adjustment imbalance, related to the math/i386/ directory. In some cases, use of…
CVE-2025-26519 — CVSS 8.1 (high): musl libc 0.9.13 through 1.2.5 before 1.2.6 has an out-of-bounds write vulnerability when an attacker can trigger iconv conversion of…
CVE-2017-15650 — CVSS 7.5 (high): musl libc before 1.1.17 has a buffer overflow via crafted DNS replies because dns_parse_callback in network/lookup_name.c does not restrict…
CVE-2020-28928 — CVSS 5.5 (medium): In musl libc through 1.2.1, wcsnrtombs mishandles particular combinations of destination buffer size and source character limit, as…