[dns-operations] CVE-2015-7547: glibc getaddrinfo buffer overflow

Doug Barton dougb at dougbarton.email
Tue Feb 23 17:48:18 UTC 2016

On 02/17/2016 11:05 AM, Florian Weimer wrote:
> * Robert Edmonds:

>> Is Unbound's "msg-buffer-size: 2047" an effective workaround? :-) :-(
> I didn't realize this option existed.  I'm not sure about the exact
> value to use there, but something like that should be an effective
> mitigation (if the limit really applies to all responses, including
> the last-resort handler).

It's doubtful this would help, since in almost all cases the 
vulnerability depends on doing a retry to trigger the pathological 
heap/stack switch. Or put more simply, Just one response is probably not 


More information about the dns-operations mailing list