Vulnerabilites related to libevent_project - libevent
Vulnerability from fkie_nvd
Published
2017-03-15 15:59
Modified
2025-04-20 01:37
Severity ?
Summary
The name_parse function in evdns.c in libevent before 2.1.6-beta allows remote attackers to have unspecified impact via vectors involving the label_len variable, which triggers an out-of-bounds stack read.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| libevent_project | libevent | * | |
| debian | debian_linux | 8.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:libevent_project:libevent:*:*:*:*:*:*:*:*", matchCriteriaId: "469B6003-26EE-4332-A275-EB8FB208C484", versionEndIncluding: "2.1.5", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The name_parse function in evdns.c in libevent before 2.1.6-beta allows remote attackers to have unspecified impact via vectors involving the label_len variable, which triggers an out-of-bounds stack read.", }, { lang: "es", value: "La función name_parse en evdns.c en libevent en versiones anteriores a 2.1.6-beta permite a atacantes remotos tener un impacto no especificado a través de vectores que implican la variable label_len, lo que desencadena una lectura de pila fuera de los límites.", }, ], id: "CVE-2016-10195", lastModified: "2025-04-20T01:37:25.860", metrics: { cvssMetricV2: [ { acInsufInfo: true, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-03-15T15:59:00.390", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.debian.org/security/2017/dsa-3789", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2017/01/31/17", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2017/02/02/7", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/96014", }, { source: "cve@mitre.org", tags: [ "Broken Link", "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1038320", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2017:1104", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2017:1106", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2017:1201", }, { source: "cve@mitre.org", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://github.com/libevent/libevent/blob/release-2.1.6-beta/ChangeLog", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/libevent/libevent/commit/96f64a022014a208105ead6c8a7066018449d86d", }, { source: "cve@mitre.org", tags: [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://github.com/libevent/libevent/issues/317", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/201705-01", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.debian.org/security/2017/dsa-3789", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2017/01/31/17", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2017/02/02/7", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/96014", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1038320", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2017:1104", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2017:1106", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2017:1201", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://github.com/libevent/libevent/blob/release-2.1.6-beta/ChangeLog", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/libevent/libevent/commit/96f64a022014a208105ead6c8a7066018449d86d", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://github.com/libevent/libevent/issues/317", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/201705-01", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-125", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-03-15 15:59
Modified
2025-04-20 01:37
Severity ?
Summary
Stack-based buffer overflow in the evutil_parse_sockaddr_port function in evutil.c in libevent before 2.1.6-beta allows attackers to cause a denial of service (segmentation fault) via vectors involving a long string in brackets in the ip_as_string argument.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| debian | debian_linux | 8.0 | |
| libevent_project | libevent | * | |
| mozilla | firefox | * | |
| mozilla | firefox | 52.0 | |
| mozilla | firefox_esr | * | |
| mozilla | thunderbird | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:libevent_project:libevent:*:*:*:*:*:*:*:*", matchCriteriaId: "469B6003-26EE-4332-A275-EB8FB208C484", versionEndIncluding: "2.1.5", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", matchCriteriaId: "83FECC93-8DC3-41D0-8E53-45E1F4D53321", versionEndExcluding: "53.0", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:52.0:*:*:*:*:*:*:*", matchCriteriaId: "1C00F05B-5B10-401D-8C5E-517FAF7BCFE4", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*", matchCriteriaId: "58F03A98-1317-4A15-BAB3-AC045AA9AAE9", versionEndExcluding: "45.9.0", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", matchCriteriaId: "762A750E-2FFF-48F5-941A-99ED9FC2549B", versionEndExcluding: "52.1.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Stack-based buffer overflow in the evutil_parse_sockaddr_port function in evutil.c in libevent before 2.1.6-beta allows attackers to cause a denial of service (segmentation fault) via vectors involving a long string in brackets in the ip_as_string argument.", }, { lang: "es", value: "Desbordamiento de búfer en la función evutil_parse_sockaddr_port en evutil.c en libevent en versiones anteriores a 2.1.6-beta permite a atacantes provocar una denegación de servicio (fallo de segmentación) a través de vectores que implican una cadena larga entre corchetes en el argumento ip_as_string.", }, ], id: "CVE-2016-10196", lastModified: "2025-04-20T01:37:25.860", metrics: { cvssMetricV2: [ { acInsufInfo: true, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-03-15T15:59:00.437", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.debian.org/security/2017/dsa-3789", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2017/01/31/17", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2017/02/02/7", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/96014", }, { source: "cve@mitre.org", tags: [ "Broken Link", "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1038320", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2017:1104", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2017:1106", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2017:1201", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.mozilla.org/show_bug.cgi?id=1343453", }, { source: "cve@mitre.org", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://github.com/libevent/libevent/blob/release-2.1.6-beta/ChangeLog", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/libevent/libevent/commit/329acc18a0768c21ba22522f01a5c7f46cacc4d5", }, { source: "cve@mitre.org", tags: [ "Exploit", "Issue Tracking", "Third Party Advisory", ], url: "https://github.com/libevent/libevent/issues/318", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/201705-01", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.mozilla.org/security/advisories/mfsa2017-10/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.mozilla.org/security/advisories/mfsa2017-11/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.mozilla.org/security/advisories/mfsa2017-12/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.mozilla.org/security/advisories/mfsa2017-13/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.debian.org/security/2017/dsa-3789", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2017/01/31/17", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2017/02/02/7", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/96014", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1038320", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2017:1104", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2017:1106", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2017:1201", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.mozilla.org/show_bug.cgi?id=1343453", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://github.com/libevent/libevent/blob/release-2.1.6-beta/ChangeLog", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/libevent/libevent/commit/329acc18a0768c21ba22522f01a5c7f46cacc4d5", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Third Party Advisory", ], url: "https://github.com/libevent/libevent/issues/318", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/201705-01", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.mozilla.org/security/advisories/mfsa2017-10/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.mozilla.org/security/advisories/mfsa2017-11/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.mozilla.org/security/advisories/mfsa2017-12/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.mozilla.org/security/advisories/mfsa2017-13/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2015-08-24 14:59
Modified
2025-04-12 10:46
Severity ?
Summary
Multiple integer overflows in the evbuffer API in Libevent 2.0.x before 2.0.22 and 2.1.x before 2.1.5-beta allow context-dependent attackers to cause a denial of service or possibly have other unspecified impact via "insanely large inputs" to the (1) evbuffer_add, (2) evbuffer_prepend, (3) evbuffer_expand, (4) exbuffer_reserve_space, or (5) evbuffer_read function, which triggers a heap-based buffer overflow or an infinite loop. NOTE: this identifier was SPLIT from CVE-2014-6272 per ADT3 due to different affected versions.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| debian | debian_linux | 7.1 | |
| libevent_project | libevent | 2.0.1 | |
| libevent_project | libevent | 2.0.2 | |
| libevent_project | libevent | 2.0.3 | |
| libevent_project | libevent | 2.0.4 | |
| libevent_project | libevent | 2.0.5 | |
| libevent_project | libevent | 2.0.6 | |
| libevent_project | libevent | 2.0.7 | |
| libevent_project | libevent | 2.0.8 | |
| libevent_project | libevent | 2.0.9 | |
| libevent_project | libevent | 2.0.10 | |
| libevent_project | libevent | 2.0.11 | |
| libevent_project | libevent | 2.0.12 | |
| libevent_project | libevent | 2.0.13 | |
| libevent_project | libevent | 2.0.14 | |
| libevent_project | libevent | 2.0.15 | |
| libevent_project | libevent | 2.0.16 | |
| libevent_project | libevent | 2.0.17 | |
| libevent_project | libevent | 2.0.18 | |
| libevent_project | libevent | 2.0.19 | |
| libevent_project | libevent | 2.0.20 | |
| libevent_project | libevent | 2.0.21 | |
| libevent_project | libevent | 2.1.1 | |
| libevent_project | libevent | 2.1.2 | |
| libevent_project | libevent | 2.1.3 | |
| libevent_project | libevent | 2.1.4 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:7.1:*:*:*:*:*:*:*", matchCriteriaId: "7B21E9A8-CE63-42C2-A11A-94D977A96DF1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:libevent_project:libevent:2.0.1:*:*:*:*:*:*:*", matchCriteriaId: "C0D7F7F3-5FA4-4812-B52E-A3A98BB395F4", vulnerable: true, }, { criteria: "cpe:2.3:a:libevent_project:libevent:2.0.2:*:*:*:*:*:*:*", matchCriteriaId: "9CDEE68F-FAE7-4F6A-BAE4-CB749459FC53", vulnerable: true, }, { criteria: "cpe:2.3:a:libevent_project:libevent:2.0.3:*:*:*:*:*:*:*", matchCriteriaId: "0F7716AC-3D51-4987-90B1-814ACA065932", vulnerable: true, }, { criteria: "cpe:2.3:a:libevent_project:libevent:2.0.4:*:*:*:*:*:*:*", matchCriteriaId: "31792597-A8B3-4F22-9013-2103AA0170C0", vulnerable: true, }, { criteria: "cpe:2.3:a:libevent_project:libevent:2.0.5:*:*:*:*:*:*:*", matchCriteriaId: "9CDB0FC3-958E-4E9E-A366-8661BF84D588", vulnerable: true, }, { criteria: "cpe:2.3:a:libevent_project:libevent:2.0.6:*:*:*:*:*:*:*", matchCriteriaId: "6598FFC5-6C18-487B-BEA5-9D291A5D4EA1", vulnerable: true, }, { criteria: "cpe:2.3:a:libevent_project:libevent:2.0.7:*:*:*:*:*:*:*", matchCriteriaId: "412E95EF-906D-4523-9820-6D145EDFA00D", vulnerable: true, }, { criteria: "cpe:2.3:a:libevent_project:libevent:2.0.8:*:*:*:*:*:*:*", matchCriteriaId: "CA715BA0-A989-407D-B5CA-B288D470D889", vulnerable: true, }, { criteria: "cpe:2.3:a:libevent_project:libevent:2.0.9:*:*:*:*:*:*:*", matchCriteriaId: "5F7C2E29-43FF-4539-B952-3FED67779579", vulnerable: true, }, { criteria: "cpe:2.3:a:libevent_project:libevent:2.0.10:*:*:*:*:*:*:*", matchCriteriaId: "6EF813B8-EEF9-425B-90B7-944E3FD3A03E", vulnerable: true, }, { criteria: "cpe:2.3:a:libevent_project:libevent:2.0.11:*:*:*:*:*:*:*", matchCriteriaId: "F264AD63-C439-4DDE-A64A-F1CC3F9EE445", vulnerable: true, }, { criteria: "cpe:2.3:a:libevent_project:libevent:2.0.12:*:*:*:*:*:*:*", matchCriteriaId: "A85D90CC-71BA-41D5-A283-221E9793CC35", vulnerable: true, }, { criteria: "cpe:2.3:a:libevent_project:libevent:2.0.13:*:*:*:*:*:*:*", matchCriteriaId: "CEF0A64A-A290-4670-A975-03A38808E2FA", vulnerable: true, }, { criteria: "cpe:2.3:a:libevent_project:libevent:2.0.14:*:*:*:*:*:*:*", matchCriteriaId: "B5E1FDA8-05D9-4368-8396-E9AED85B1919", vulnerable: true, }, { criteria: "cpe:2.3:a:libevent_project:libevent:2.0.15:*:*:*:*:*:*:*", matchCriteriaId: "D210003F-B3DE-4964-8F1F-58AB1F75AFF0", vulnerable: true, }, { criteria: "cpe:2.3:a:libevent_project:libevent:2.0.16:*:*:*:*:*:*:*", matchCriteriaId: "28B95E3A-356D-41BC-94DE-EF7018F0E430", vulnerable: true, }, { criteria: "cpe:2.3:a:libevent_project:libevent:2.0.17:*:*:*:*:*:*:*", matchCriteriaId: "1D5C29DA-FC46-40E1-84BA-3D4AA4E915E4", vulnerable: true, }, { criteria: "cpe:2.3:a:libevent_project:libevent:2.0.18:*:*:*:*:*:*:*", matchCriteriaId: "712FC1B9-F0C0-49BC-9E70-ADB2C18C442D", vulnerable: true, }, { criteria: "cpe:2.3:a:libevent_project:libevent:2.0.19:*:*:*:*:*:*:*", matchCriteriaId: "0221BF5A-0E2C-4A3D-BF78-87A971BE1936", vulnerable: true, }, { criteria: "cpe:2.3:a:libevent_project:libevent:2.0.20:*:*:*:*:*:*:*", matchCriteriaId: "BCDCBAF3-A5F9-470B-9829-C26994BFBB29", vulnerable: true, }, { criteria: "cpe:2.3:a:libevent_project:libevent:2.0.21:*:*:*:*:*:*:*", matchCriteriaId: "4DEF0BCB-FAAC-4B92-BE12-A0741FFBE9AD", vulnerable: true, }, { criteria: "cpe:2.3:a:libevent_project:libevent:2.1.1:*:*:*:*:*:*:*", matchCriteriaId: "86B978BE-1156-4C0A-A151-CC6E5ACE75BB", vulnerable: true, }, { criteria: "cpe:2.3:a:libevent_project:libevent:2.1.2:*:*:*:*:*:*:*", matchCriteriaId: "5A059287-BB94-4FC2-962B-EF1DBBF7D8FA", vulnerable: true, }, { criteria: "cpe:2.3:a:libevent_project:libevent:2.1.3:*:*:*:*:*:*:*", matchCriteriaId: "78620372-0ACD-4863-B29E-8A5E6049A538", vulnerable: true, }, { criteria: "cpe:2.3:a:libevent_project:libevent:2.1.4:*:*:*:*:*:*:*", matchCriteriaId: "64A02886-DA11-4E95-B18E-563577B7BE0A", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple integer overflows in the evbuffer API in Libevent 2.0.x before 2.0.22 and 2.1.x before 2.1.5-beta allow context-dependent attackers to cause a denial of service or possibly have other unspecified impact via \"insanely large inputs\" to the (1) evbuffer_add, (2) evbuffer_prepend, (3) evbuffer_expand, (4) exbuffer_reserve_space, or (5) evbuffer_read function, which triggers a heap-based buffer overflow or an infinite loop. NOTE: this identifier was SPLIT from CVE-2014-6272 per ADT3 due to different affected versions.", }, { lang: "es", value: "Vulnerabilidad de desbordamientos de entero múltiple en la API evbuffer en Libevent 2.0.x en versiones anteriores a 2.0.22 y 2.1.x en versiones anteriores a 2.1.5-beta, permite a atacantes dependientes del contexto causar una denegación de servicio o posiblemente tener otro impacto no especificado a través de 'entradas increíblemente grandes' en la función (1) evbuffer_add, (2) evbuffer_prepend, (3) evbuffer_expand, (4) exbuffer_reserve_space o (5) evbuffer_read, lo que desencadena un desbordamiento de buffer basado en memoria dinámica o un bucle infinito. NOTA: este identificador ha sido SEPARADO de CVE-2014-6272 por ADT3 debido a las diferentes versiones afectadas.", }, ], id: "CVE-2015-6525", lastModified: "2025-04-12T10:46:40.837", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2015-08-24T14:59:14.133", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://archives.seul.org/libevent/users/Jan-2015/msg00010.html", }, { source: "cve@mitre.org", url: "http://www.debian.org/security/2015/dsa-3119", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://archives.seul.org/libevent/users/Jan-2015/msg00010.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.debian.org/security/2015/dsa-3119", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-189", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2015-08-24 14:59
Modified
2025-04-12 10:46
Severity ?
Summary
Multiple integer overflows in the evbuffer API in Libevent 1.4.x before 1.4.15, 2.0.x before 2.0.22, and 2.1.x before 2.1.5-beta allow context-dependent attackers to cause a denial of service or possibly have other unspecified impact via "insanely large inputs" to the (1) evbuffer_add, (2) evbuffer_expand, or (3) bufferevent_write function, which triggers a heap-based buffer overflow or an infinite loop. NOTE: this identifier has been SPLIT per ADT3 due to different affected versions. See CVE-2015-6525 for the functions that are only affected in 2.0 and later.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", matchCriteriaId: "16F59A04-14CF-49E2-9973-645477EA09DA", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:libevent_project:libevent:1.4.0:*:*:*:*:*:*:*", matchCriteriaId: "CC21E065-90A0-4E76-9C23-01E5B747FE43", vulnerable: true, }, { criteria: "cpe:2.3:a:libevent_project:libevent:1.4.1:*:*:*:*:*:*:*", matchCriteriaId: "55D109B0-47AA-4DDE-B109-6D1AAC7E0A94", vulnerable: true, }, { criteria: "cpe:2.3:a:libevent_project:libevent:1.4.2:*:*:*:*:*:*:*", matchCriteriaId: "D9963F55-8805-4AD9-A131-97C32F74E269", vulnerable: true, }, { criteria: "cpe:2.3:a:libevent_project:libevent:1.4.3:*:*:*:*:*:*:*", matchCriteriaId: "799BA8C0-FA55-47B6-BCF2-751268CC13A3", vulnerable: true, }, { criteria: "cpe:2.3:a:libevent_project:libevent:1.4.4:*:*:*:*:*:*:*", matchCriteriaId: "EF9EAD2E-B743-4EE0-A35D-56C93FB1D444", vulnerable: true, }, { criteria: "cpe:2.3:a:libevent_project:libevent:1.4.5:*:*:*:*:*:*:*", matchCriteriaId: "A170BBB7-CEA1-4EC1-942D-F8C93706B53A", vulnerable: true, }, { criteria: "cpe:2.3:a:libevent_project:libevent:1.4.6:*:*:*:*:*:*:*", matchCriteriaId: "F4BD5F84-D94A-4A35-B1FA-8367FF4A7E81", vulnerable: true, }, { criteria: "cpe:2.3:a:libevent_project:libevent:1.4.7:*:*:*:*:*:*:*", matchCriteriaId: "1738D9DA-BF26-4BB0-9841-9C0280DCCD9A", vulnerable: true, }, { criteria: "cpe:2.3:a:libevent_project:libevent:1.4.8:*:*:*:*:*:*:*", matchCriteriaId: "AD2576C6-EF0C-44A7-B100-DC29847BE78D", vulnerable: true, }, { criteria: "cpe:2.3:a:libevent_project:libevent:1.4.9:*:*:*:*:*:*:*", matchCriteriaId: "4B83CDFB-457E-4A40-BEF6-50A3D1BD034B", vulnerable: true, }, { criteria: "cpe:2.3:a:libevent_project:libevent:1.4.10:*:*:*:*:*:*:*", matchCriteriaId: "BF06509C-3919-44F5-88EE-585EE95B5CF4", vulnerable: true, }, { criteria: "cpe:2.3:a:libevent_project:libevent:1.4.11:*:*:*:*:*:*:*", matchCriteriaId: "590D9910-E6D4-4D95-978B-7915EDBA08D1", vulnerable: true, }, { criteria: "cpe:2.3:a:libevent_project:libevent:1.4.12:*:*:*:*:*:*:*", matchCriteriaId: "BA6C91B0-E21E-4DB6-B8FD-67085234C51A", vulnerable: true, }, { criteria: "cpe:2.3:a:libevent_project:libevent:1.4.13:*:*:*:*:*:*:*", matchCriteriaId: "EE0424D5-298E-4B64-9340-ECD22B5704DF", vulnerable: true, }, { criteria: "cpe:2.3:a:libevent_project:libevent:1.4.14:*:*:*:*:*:*:*", matchCriteriaId: "3363046F-8F29-4037-9C46-0FA74C6AF58D", vulnerable: true, }, { criteria: "cpe:2.3:a:libevent_project:libevent:2.0.1:*:*:*:*:*:*:*", matchCriteriaId: "C0D7F7F3-5FA4-4812-B52E-A3A98BB395F4", vulnerable: true, }, { criteria: "cpe:2.3:a:libevent_project:libevent:2.0.2:*:*:*:*:*:*:*", matchCriteriaId: "9CDEE68F-FAE7-4F6A-BAE4-CB749459FC53", vulnerable: true, }, { criteria: "cpe:2.3:a:libevent_project:libevent:2.0.3:*:*:*:*:*:*:*", matchCriteriaId: "0F7716AC-3D51-4987-90B1-814ACA065932", vulnerable: true, }, { criteria: "cpe:2.3:a:libevent_project:libevent:2.0.4:*:*:*:*:*:*:*", matchCriteriaId: "31792597-A8B3-4F22-9013-2103AA0170C0", vulnerable: true, }, { criteria: "cpe:2.3:a:libevent_project:libevent:2.0.5:*:*:*:*:*:*:*", matchCriteriaId: "9CDB0FC3-958E-4E9E-A366-8661BF84D588", vulnerable: true, }, { criteria: "cpe:2.3:a:libevent_project:libevent:2.0.6:*:*:*:*:*:*:*", matchCriteriaId: "6598FFC5-6C18-487B-BEA5-9D291A5D4EA1", vulnerable: true, }, { criteria: "cpe:2.3:a:libevent_project:libevent:2.0.7:*:*:*:*:*:*:*", matchCriteriaId: "412E95EF-906D-4523-9820-6D145EDFA00D", vulnerable: true, }, { criteria: "cpe:2.3:a:libevent_project:libevent:2.0.8:*:*:*:*:*:*:*", matchCriteriaId: "CA715BA0-A989-407D-B5CA-B288D470D889", vulnerable: true, }, { criteria: "cpe:2.3:a:libevent_project:libevent:2.0.9:*:*:*:*:*:*:*", matchCriteriaId: "5F7C2E29-43FF-4539-B952-3FED67779579", vulnerable: true, }, { criteria: "cpe:2.3:a:libevent_project:libevent:2.0.10:*:*:*:*:*:*:*", matchCriteriaId: "6EF813B8-EEF9-425B-90B7-944E3FD3A03E", vulnerable: true, }, { criteria: "cpe:2.3:a:libevent_project:libevent:2.0.11:*:*:*:*:*:*:*", matchCriteriaId: "F264AD63-C439-4DDE-A64A-F1CC3F9EE445", vulnerable: true, }, { criteria: "cpe:2.3:a:libevent_project:libevent:2.0.12:*:*:*:*:*:*:*", matchCriteriaId: "A85D90CC-71BA-41D5-A283-221E9793CC35", vulnerable: true, }, { criteria: "cpe:2.3:a:libevent_project:libevent:2.0.13:*:*:*:*:*:*:*", matchCriteriaId: "CEF0A64A-A290-4670-A975-03A38808E2FA", vulnerable: true, }, { criteria: "cpe:2.3:a:libevent_project:libevent:2.0.14:*:*:*:*:*:*:*", matchCriteriaId: "B5E1FDA8-05D9-4368-8396-E9AED85B1919", vulnerable: true, }, { criteria: "cpe:2.3:a:libevent_project:libevent:2.0.15:*:*:*:*:*:*:*", matchCriteriaId: "D210003F-B3DE-4964-8F1F-58AB1F75AFF0", vulnerable: true, }, { criteria: "cpe:2.3:a:libevent_project:libevent:2.0.16:*:*:*:*:*:*:*", matchCriteriaId: "28B95E3A-356D-41BC-94DE-EF7018F0E430", vulnerable: true, }, { criteria: "cpe:2.3:a:libevent_project:libevent:2.0.17:*:*:*:*:*:*:*", matchCriteriaId: "1D5C29DA-FC46-40E1-84BA-3D4AA4E915E4", vulnerable: true, }, { criteria: "cpe:2.3:a:libevent_project:libevent:2.0.18:*:*:*:*:*:*:*", matchCriteriaId: "712FC1B9-F0C0-49BC-9E70-ADB2C18C442D", vulnerable: true, }, { criteria: "cpe:2.3:a:libevent_project:libevent:2.0.19:*:*:*:*:*:*:*", matchCriteriaId: "0221BF5A-0E2C-4A3D-BF78-87A971BE1936", vulnerable: true, }, { criteria: "cpe:2.3:a:libevent_project:libevent:2.0.20:*:*:*:*:*:*:*", matchCriteriaId: "BCDCBAF3-A5F9-470B-9829-C26994BFBB29", vulnerable: true, }, { criteria: "cpe:2.3:a:libevent_project:libevent:2.0.21:*:*:*:*:*:*:*", matchCriteriaId: "4DEF0BCB-FAAC-4B92-BE12-A0741FFBE9AD", vulnerable: true, }, { criteria: "cpe:2.3:a:libevent_project:libevent:2.1.1:*:*:*:*:*:*:*", matchCriteriaId: "86B978BE-1156-4C0A-A151-CC6E5ACE75BB", vulnerable: true, }, { criteria: "cpe:2.3:a:libevent_project:libevent:2.1.2:*:*:*:*:*:*:*", matchCriteriaId: "5A059287-BB94-4FC2-962B-EF1DBBF7D8FA", vulnerable: true, }, { criteria: "cpe:2.3:a:libevent_project:libevent:2.1.3:*:*:*:*:*:*:*", matchCriteriaId: "78620372-0ACD-4863-B29E-8A5E6049A538", vulnerable: true, }, { criteria: "cpe:2.3:a:libevent_project:libevent:2.1.4:*:*:*:*:*:*:*", matchCriteriaId: "64A02886-DA11-4E95-B18E-563577B7BE0A", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple integer overflows in the evbuffer API in Libevent 1.4.x before 1.4.15, 2.0.x before 2.0.22, and 2.1.x before 2.1.5-beta allow context-dependent attackers to cause a denial of service or possibly have other unspecified impact via \"insanely large inputs\" to the (1) evbuffer_add, (2) evbuffer_expand, or (3) bufferevent_write function, which triggers a heap-based buffer overflow or an infinite loop. NOTE: this identifier has been SPLIT per ADT3 due to different affected versions. See CVE-2015-6525 for the functions that are only affected in 2.0 and later.", }, { lang: "es", value: "Vulnerabilidad de desbordamientos de entero múltiple en la API evbuffer en Libevent 1.4.x en versiones anteriores a 1.4.15, 2.0.x en versiones anteriores a 2.0.22 y 2.1.x en versiones anteriores a 2.1.5-beta, permite a atacantes dependientes del contexto causar una denegación de servicio o posiblemente tener otro impacto no especificado a través de 'entradas increíblemente grandes' en la función (1) evbuffer_add, (2) evbuffer_expand o (3) bufferevent_write, lo que desencadena un desbordamiento de buffer basado en memoria dinámica o un bucle infinito. NOTA: este identificador ha sido SEPARADO por ADT3 debido a diferentes versiones afectadas. Ver CVE-2015-6525 para las funciones que solo son afectadas en la versión 2.0 y anteriores.", }, ], id: "CVE-2014-6272", lastModified: "2025-04-12T10:46:40.837", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2015-08-24T14:59:01.353", references: [ { source: "security@debian.org", tags: [ "Vendor Advisory", ], url: "http://archives.seul.org/libevent/users/Jan-2015/msg00010.html", }, { source: "security@debian.org", url: "http://www.debian.org/security/2015/dsa-3119", }, { source: "security@debian.org", url: "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.366317", }, { source: "security@debian.org", url: "https://puppet.com/security/cve/CVE-2014-6272", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://archives.seul.org/libevent/users/Jan-2015/msg00010.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.debian.org/security/2015/dsa-3119", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.366317", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://puppet.com/security/cve/CVE-2014-6272", }, ], sourceIdentifier: "security@debian.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-189", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-03-15 15:59
Modified
2025-04-20 01:37
Severity ?
Summary
The search_make_new function in evdns.c in libevent before 2.1.6-beta allows attackers to cause a denial of service (out-of-bounds read) via an empty hostname.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| debian | debian_linux | 8.0 | |
| libevent_project | libevent | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:libevent_project:libevent:*:*:*:*:*:*:*:*", matchCriteriaId: "469B6003-26EE-4332-A275-EB8FB208C484", versionEndIncluding: "2.1.5", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The search_make_new function in evdns.c in libevent before 2.1.6-beta allows attackers to cause a denial of service (out-of-bounds read) via an empty hostname.", }, { lang: "es", value: "La función search_make_new en evdns.c en libevent en versiones anteriores a 2.1.6-beta permite a atacantes provocar una denegación de servicio (fuera de límites de lectura) a través de un nombre de host vacío.", }, ], id: "CVE-2016-10197", lastModified: "2025-04-20T01:37:25.860", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-03-15T15:59:00.500", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.debian.org/security/2017/dsa-3789", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2017/01/31/17", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2017/02/02/7", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/96014", }, { source: "cve@mitre.org", tags: [ "Broken Link", "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1038320", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2017:1104", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2017:1106", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2017:1201", }, { source: "cve@mitre.org", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://github.com/libevent/libevent/blob/release-2.1.6-beta/ChangeLog", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/libevent/libevent/commit/ec65c42052d95d2c23d1d837136d1cf1d9ecef9e", }, { source: "cve@mitre.org", tags: [ "Exploit", "Issue Tracking", "Third Party Advisory", ], url: "https://github.com/libevent/libevent/issues/332", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/201705-01", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.debian.org/security/2017/dsa-3789", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2017/01/31/17", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2017/02/02/7", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/96014", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1038320", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2017:1104", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2017:1106", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2017:1201", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://github.com/libevent/libevent/blob/release-2.1.6-beta/ChangeLog", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/libevent/libevent/commit/ec65c42052d95d2c23d1d837136d1cf1d9ecef9e", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Third Party Advisory", ], url: "https://github.com/libevent/libevent/issues/332", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/201705-01", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-125", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
cve-2016-10197
Vulnerability from cvelistv5
Published
2017-03-15 15:00
Modified
2024-08-06 03:14
Severity ?
EPSS score ?
Summary
The search_make_new function in evdns.c in libevent before 2.1.6-beta allows attackers to cause a denial of service (out-of-bounds read) via an empty hostname.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/96014 | vdb-entry, x_refsource_BID | |
| https://access.redhat.com/errata/RHSA-2017:1106 | vendor-advisory, x_refsource_REDHAT | |
| http://www.debian.org/security/2017/dsa-3789 | vendor-advisory, x_refsource_DEBIAN | |
| http://www.openwall.com/lists/oss-security/2017/02/02/7 | mailing-list, x_refsource_MLIST | |
| https://security.gentoo.org/glsa/201705-01 | vendor-advisory, x_refsource_GENTOO | |
| https://github.com/libevent/libevent/issues/332 | x_refsource_CONFIRM | |
| https://github.com/libevent/libevent/commit/ec65c42052d95d2c23d1d837136d1cf1d9ecef9e | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2017/01/31/17 | mailing-list, x_refsource_MLIST | |
| http://www.securitytracker.com/id/1038320 | vdb-entry, x_refsource_SECTRACK | |
| https://github.com/libevent/libevent/blob/release-2.1.6-beta/ChangeLog | x_refsource_CONFIRM | |
| https://access.redhat.com/errata/RHSA-2017:1104 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2017:1201 | vendor-advisory, x_refsource_REDHAT |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T03:14:42.418Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "96014", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/96014", }, { name: "RHSA-2017:1106", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2017:1106", }, { name: "DSA-3789", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2017/dsa-3789", }, { name: "[oss-security] 20170202 Re: Bugs fixed in libevent 2.1.6", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2017/02/02/7", }, { name: "GLSA-201705-01", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/201705-01", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/libevent/libevent/issues/332", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/libevent/libevent/commit/ec65c42052d95d2c23d1d837136d1cf1d9ecef9e", }, { name: "[oss-security] 20170131 Bugs fixed in libevent 2.1.6", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2017/01/31/17", }, { name: "1038320", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1038320", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/libevent/libevent/blob/release-2.1.6-beta/ChangeLog", }, { name: "RHSA-2017:1104", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2017:1104", }, { name: "RHSA-2017:1201", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2017:1201", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2017-01-31T00:00:00", descriptions: [ { lang: "en", value: "The search_make_new function in evdns.c in libevent before 2.1.6-beta allows attackers to cause a denial of service (out-of-bounds read) via an empty hostname.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-01-04T19:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "96014", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/96014", }, { name: "RHSA-2017:1106", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2017:1106", }, { name: "DSA-3789", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2017/dsa-3789", }, { name: "[oss-security] 20170202 Re: Bugs fixed in libevent 2.1.6", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2017/02/02/7", }, { name: "GLSA-201705-01", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/201705-01", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/libevent/libevent/issues/332", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/libevent/libevent/commit/ec65c42052d95d2c23d1d837136d1cf1d9ecef9e", }, { name: "[oss-security] 20170131 Bugs fixed in libevent 2.1.6", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2017/01/31/17", }, { name: "1038320", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1038320", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/libevent/libevent/blob/release-2.1.6-beta/ChangeLog", }, { name: "RHSA-2017:1104", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2017:1104", }, { name: "RHSA-2017:1201", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2017:1201", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2016-10197", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The search_make_new function in evdns.c in libevent before 2.1.6-beta allows attackers to cause a denial of service (out-of-bounds read) via an empty hostname.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "96014", refsource: "BID", url: "http://www.securityfocus.com/bid/96014", }, { name: "RHSA-2017:1106", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2017:1106", }, { name: "DSA-3789", refsource: "DEBIAN", url: "http://www.debian.org/security/2017/dsa-3789", }, { name: "[oss-security] 20170202 Re: Bugs fixed in libevent 2.1.6", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2017/02/02/7", }, { name: "GLSA-201705-01", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/201705-01", }, { name: "https://github.com/libevent/libevent/issues/332", refsource: "CONFIRM", url: "https://github.com/libevent/libevent/issues/332", }, { name: "https://github.com/libevent/libevent/commit/ec65c42052d95d2c23d1d837136d1cf1d9ecef9e", refsource: "CONFIRM", url: "https://github.com/libevent/libevent/commit/ec65c42052d95d2c23d1d837136d1cf1d9ecef9e", }, { name: "[oss-security] 20170131 Bugs fixed in libevent 2.1.6", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2017/01/31/17", }, { name: "1038320", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1038320", }, { name: "https://github.com/libevent/libevent/blob/release-2.1.6-beta/ChangeLog", refsource: "CONFIRM", url: "https://github.com/libevent/libevent/blob/release-2.1.6-beta/ChangeLog", }, { name: "RHSA-2017:1104", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2017:1104", }, { name: "RHSA-2017:1201", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2017:1201", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2016-10197", datePublished: "2017-03-15T15:00:00", dateReserved: "2017-02-01T00:00:00", dateUpdated: "2024-08-06T03:14:42.418Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2015-6525
Vulnerability from cvelistv5
Published
2015-08-24 14:00
Modified
2024-08-06 07:22
Severity ?
EPSS score ?
Summary
Multiple integer overflows in the evbuffer API in Libevent 2.0.x before 2.0.22 and 2.1.x before 2.1.5-beta allow context-dependent attackers to cause a denial of service or possibly have other unspecified impact via "insanely large inputs" to the (1) evbuffer_add, (2) evbuffer_prepend, (3) evbuffer_expand, (4) exbuffer_reserve_space, or (5) evbuffer_read function, which triggers a heap-based buffer overflow or an infinite loop. NOTE: this identifier was SPLIT from CVE-2014-6272 per ADT3 due to different affected versions.
References
| ▼ | URL | Tags |
|---|---|---|
| http://archives.seul.org/libevent/users/Jan-2015/msg00010.html | mailing-list, x_refsource_MLIST | |
| http://www.debian.org/security/2015/dsa-3119 | vendor-advisory, x_refsource_DEBIAN |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T07:22:22.219Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "[Libevent-users] 20150105 Advisory: integer overflow in evbuffers for Libevent <= 1.4.14b,2.0.21,2.1.4-alpha [CVE-2014-6272]", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://archives.seul.org/libevent/users/Jan-2015/msg00010.html", }, { name: "DSA-3119", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2015/dsa-3119", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2015-01-05T00:00:00", descriptions: [ { lang: "en", value: "Multiple integer overflows in the evbuffer API in Libevent 2.0.x before 2.0.22 and 2.1.x before 2.1.5-beta allow context-dependent attackers to cause a denial of service or possibly have other unspecified impact via \"insanely large inputs\" to the (1) evbuffer_add, (2) evbuffer_prepend, (3) evbuffer_expand, (4) exbuffer_reserve_space, or (5) evbuffer_read function, which triggers a heap-based buffer overflow or an infinite loop. NOTE: this identifier was SPLIT from CVE-2014-6272 per ADT3 due to different affected versions.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2015-08-24T13:57:02", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "[Libevent-users] 20150105 Advisory: integer overflow in evbuffers for Libevent <= 1.4.14b,2.0.21,2.1.4-alpha [CVE-2014-6272]", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://archives.seul.org/libevent/users/Jan-2015/msg00010.html", }, { name: "DSA-3119", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2015/dsa-3119", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2015-6525", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Multiple integer overflows in the evbuffer API in Libevent 2.0.x before 2.0.22 and 2.1.x before 2.1.5-beta allow context-dependent attackers to cause a denial of service or possibly have other unspecified impact via \"insanely large inputs\" to the (1) evbuffer_add, (2) evbuffer_prepend, (3) evbuffer_expand, (4) exbuffer_reserve_space, or (5) evbuffer_read function, which triggers a heap-based buffer overflow or an infinite loop. NOTE: this identifier was SPLIT from CVE-2014-6272 per ADT3 due to different affected versions.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "[Libevent-users] 20150105 Advisory: integer overflow in evbuffers for Libevent <= 1.4.14b,2.0.21,2.1.4-alpha [CVE-2014-6272]", refsource: "MLIST", url: "http://archives.seul.org/libevent/users/Jan-2015/msg00010.html", }, { name: "DSA-3119", refsource: "DEBIAN", url: "http://www.debian.org/security/2015/dsa-3119", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2015-6525", datePublished: "2015-08-24T14:00:00", dateReserved: "2015-08-20T00:00:00", dateUpdated: "2024-08-06T07:22:22.219Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-10195
Vulnerability from cvelistv5
Published
2017-03-15 15:00
Modified
2024-08-06 03:14
Severity ?
EPSS score ?
Summary
The name_parse function in evdns.c in libevent before 2.1.6-beta allows remote attackers to have unspecified impact via vectors involving the label_len variable, which triggers an out-of-bounds stack read.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/96014 | vdb-entry, x_refsource_BID | |
| https://access.redhat.com/errata/RHSA-2017:1106 | vendor-advisory, x_refsource_REDHAT | |
| http://www.debian.org/security/2017/dsa-3789 | vendor-advisory, x_refsource_DEBIAN | |
| http://www.openwall.com/lists/oss-security/2017/02/02/7 | mailing-list, x_refsource_MLIST | |
| https://security.gentoo.org/glsa/201705-01 | vendor-advisory, x_refsource_GENTOO | |
| https://github.com/libevent/libevent/issues/317 | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2017/01/31/17 | mailing-list, x_refsource_MLIST | |
| http://www.securitytracker.com/id/1038320 | vdb-entry, x_refsource_SECTRACK | |
| https://github.com/libevent/libevent/blob/release-2.1.6-beta/ChangeLog | x_refsource_CONFIRM | |
| https://access.redhat.com/errata/RHSA-2017:1104 | vendor-advisory, x_refsource_REDHAT | |
| https://github.com/libevent/libevent/commit/96f64a022014a208105ead6c8a7066018449d86d | x_refsource_CONFIRM | |
| https://access.redhat.com/errata/RHSA-2017:1201 | vendor-advisory, x_refsource_REDHAT |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T03:14:42.465Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "96014", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/96014", }, { name: "RHSA-2017:1106", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2017:1106", }, { name: "DSA-3789", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2017/dsa-3789", }, { name: "[oss-security] 20170202 Re: Bugs fixed in libevent 2.1.6", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2017/02/02/7", }, { name: "GLSA-201705-01", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/201705-01", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/libevent/libevent/issues/317", }, { name: "[oss-security] 20170131 Bugs fixed in libevent 2.1.6", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2017/01/31/17", }, { name: "1038320", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1038320", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/libevent/libevent/blob/release-2.1.6-beta/ChangeLog", }, { name: "RHSA-2017:1104", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2017:1104", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/libevent/libevent/commit/96f64a022014a208105ead6c8a7066018449d86d", }, { name: "RHSA-2017:1201", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2017:1201", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2017-01-31T00:00:00", descriptions: [ { lang: "en", value: "The name_parse function in evdns.c in libevent before 2.1.6-beta allows remote attackers to have unspecified impact via vectors involving the label_len variable, which triggers an out-of-bounds stack read.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-01-04T19:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "96014", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/96014", }, { name: "RHSA-2017:1106", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2017:1106", }, { name: "DSA-3789", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2017/dsa-3789", }, { name: "[oss-security] 20170202 Re: Bugs fixed in libevent 2.1.6", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2017/02/02/7", }, { name: "GLSA-201705-01", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/201705-01", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/libevent/libevent/issues/317", }, { name: "[oss-security] 20170131 Bugs fixed in libevent 2.1.6", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2017/01/31/17", }, { name: "1038320", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1038320", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/libevent/libevent/blob/release-2.1.6-beta/ChangeLog", }, { name: "RHSA-2017:1104", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2017:1104", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/libevent/libevent/commit/96f64a022014a208105ead6c8a7066018449d86d", }, { name: "RHSA-2017:1201", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2017:1201", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2016-10195", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The name_parse function in evdns.c in libevent before 2.1.6-beta allows remote attackers to have unspecified impact via vectors involving the label_len variable, which triggers an out-of-bounds stack read.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "96014", refsource: "BID", url: "http://www.securityfocus.com/bid/96014", }, { name: "RHSA-2017:1106", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2017:1106", }, { name: "DSA-3789", refsource: "DEBIAN", url: "http://www.debian.org/security/2017/dsa-3789", }, { name: "[oss-security] 20170202 Re: Bugs fixed in libevent 2.1.6", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2017/02/02/7", }, { name: "GLSA-201705-01", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/201705-01", }, { name: "https://github.com/libevent/libevent/issues/317", refsource: "CONFIRM", url: "https://github.com/libevent/libevent/issues/317", }, { name: "[oss-security] 20170131 Bugs fixed in libevent 2.1.6", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2017/01/31/17", }, { name: "1038320", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1038320", }, { name: "https://github.com/libevent/libevent/blob/release-2.1.6-beta/ChangeLog", refsource: "CONFIRM", url: "https://github.com/libevent/libevent/blob/release-2.1.6-beta/ChangeLog", }, { name: "RHSA-2017:1104", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2017:1104", }, { name: "https://github.com/libevent/libevent/commit/96f64a022014a208105ead6c8a7066018449d86d", refsource: "CONFIRM", url: "https://github.com/libevent/libevent/commit/96f64a022014a208105ead6c8a7066018449d86d", }, { name: "RHSA-2017:1201", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2017:1201", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2016-10195", datePublished: "2017-03-15T15:00:00", dateReserved: "2017-02-01T00:00:00", dateUpdated: "2024-08-06T03:14:42.465Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2014-6272
Vulnerability from cvelistv5
Published
2015-08-24 14:00
Modified
2024-08-06 12:10
Severity ?
EPSS score ?
Summary
Multiple integer overflows in the evbuffer API in Libevent 1.4.x before 1.4.15, 2.0.x before 2.0.22, and 2.1.x before 2.1.5-beta allow context-dependent attackers to cause a denial of service or possibly have other unspecified impact via "insanely large inputs" to the (1) evbuffer_add, (2) evbuffer_expand, or (3) bufferevent_write function, which triggers a heap-based buffer overflow or an infinite loop. NOTE: this identifier has been SPLIT per ADT3 due to different affected versions. See CVE-2015-6525 for the functions that are only affected in 2.0 and later.
References
| ▼ | URL | Tags |
|---|---|---|
| http://archives.seul.org/libevent/users/Jan-2015/msg00010.html | mailing-list, x_refsource_MLIST | |
| http://www.debian.org/security/2015/dsa-3119 | vendor-advisory, x_refsource_DEBIAN | |
| https://puppet.com/security/cve/CVE-2014-6272 | x_refsource_CONFIRM | |
| http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.366317 | vendor-advisory, x_refsource_SLACKWARE |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T12:10:13.286Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "[Libevent-users] 20150105 Advisory: integer overflow in evbuffers for Libevent <= 1.4.14b,2.0.21,2.1.4-alpha [CVE-2014-6272]", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://archives.seul.org/libevent/users/Jan-2015/msg00010.html", }, { name: "DSA-3119", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2015/dsa-3119", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://puppet.com/security/cve/CVE-2014-6272", }, { name: "SSA:2016-085-01", tags: [ "vendor-advisory", "x_refsource_SLACKWARE", "x_transferred", ], url: "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.366317", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2015-01-05T00:00:00", descriptions: [ { lang: "en", value: "Multiple integer overflows in the evbuffer API in Libevent 1.4.x before 1.4.15, 2.0.x before 2.0.22, and 2.1.x before 2.1.5-beta allow context-dependent attackers to cause a denial of service or possibly have other unspecified impact via \"insanely large inputs\" to the (1) evbuffer_add, (2) evbuffer_expand, or (3) bufferevent_write function, which triggers a heap-based buffer overflow or an infinite loop. NOTE: this identifier has been SPLIT per ADT3 due to different affected versions. See CVE-2015-6525 for the functions that are only affected in 2.0 and later.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-12-08T10:57:01", orgId: "79363d38-fa19-49d1-9214-5f28da3f3ac5", shortName: "debian", }, references: [ { name: "[Libevent-users] 20150105 Advisory: integer overflow in evbuffers for Libevent <= 1.4.14b,2.0.21,2.1.4-alpha [CVE-2014-6272]", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://archives.seul.org/libevent/users/Jan-2015/msg00010.html", }, { name: "DSA-3119", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2015/dsa-3119", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://puppet.com/security/cve/CVE-2014-6272", }, { name: "SSA:2016-085-01", tags: [ "vendor-advisory", "x_refsource_SLACKWARE", ], url: "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.366317", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@debian.org", ID: "CVE-2014-6272", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Multiple integer overflows in the evbuffer API in Libevent 1.4.x before 1.4.15, 2.0.x before 2.0.22, and 2.1.x before 2.1.5-beta allow context-dependent attackers to cause a denial of service or possibly have other unspecified impact via \"insanely large inputs\" to the (1) evbuffer_add, (2) evbuffer_expand, or (3) bufferevent_write function, which triggers a heap-based buffer overflow or an infinite loop. NOTE: this identifier has been SPLIT per ADT3 due to different affected versions. See CVE-2015-6525 for the functions that are only affected in 2.0 and later.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "[Libevent-users] 20150105 Advisory: integer overflow in evbuffers for Libevent <= 1.4.14b,2.0.21,2.1.4-alpha [CVE-2014-6272]", refsource: "MLIST", url: "http://archives.seul.org/libevent/users/Jan-2015/msg00010.html", }, { name: "DSA-3119", refsource: "DEBIAN", url: "http://www.debian.org/security/2015/dsa-3119", }, { name: "https://puppet.com/security/cve/CVE-2014-6272", refsource: "CONFIRM", url: "https://puppet.com/security/cve/CVE-2014-6272", }, { name: "SSA:2016-085-01", refsource: "SLACKWARE", url: "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.366317", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "79363d38-fa19-49d1-9214-5f28da3f3ac5", assignerShortName: "debian", cveId: "CVE-2014-6272", datePublished: "2015-08-24T14:00:00", dateReserved: "2014-09-09T00:00:00", dateUpdated: "2024-08-06T12:10:13.286Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-10196
Vulnerability from cvelistv5
Published
2017-03-15 15:00
Modified
2024-08-06 03:14
Severity ?
EPSS score ?
Summary
Stack-based buffer overflow in the evutil_parse_sockaddr_port function in evutil.c in libevent before 2.1.6-beta allows attackers to cause a denial of service (segmentation fault) via vectors involving a long string in brackets in the ip_as_string argument.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T03:14:42.884Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "96014", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/96014", }, { name: "RHSA-2017:1106", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2017:1106", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.mozilla.org/security/advisories/mfsa2017-12/", }, { name: "DSA-3789", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2017/dsa-3789", }, { name: "[oss-security] 20170202 Re: Bugs fixed in libevent 2.1.6", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2017/02/02/7", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.mozilla.org/security/advisories/mfsa2017-11/", }, { name: "GLSA-201705-01", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/201705-01", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.mozilla.org/security/advisories/mfsa2017-10/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.mozilla.org/security/advisories/mfsa2017-13/", }, { name: "[oss-security] 20170131 Bugs fixed in libevent 2.1.6", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2017/01/31/17", }, { name: "1038320", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1038320", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.mozilla.org/show_bug.cgi?id=1343453", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/libevent/libevent/issues/318", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/libevent/libevent/blob/release-2.1.6-beta/ChangeLog", }, { name: "RHSA-2017:1104", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2017:1104", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/libevent/libevent/commit/329acc18a0768c21ba22522f01a5c7f46cacc4d5", }, { name: "RHSA-2017:1201", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2017:1201", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2017-01-31T00:00:00", descriptions: [ { lang: "en", value: "Stack-based buffer overflow in the evutil_parse_sockaddr_port function in evutil.c in libevent before 2.1.6-beta allows attackers to cause a denial of service (segmentation fault) via vectors involving a long string in brackets in the ip_as_string argument.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-06-11T20:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "96014", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/96014", }, { name: "RHSA-2017:1106", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2017:1106", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.mozilla.org/security/advisories/mfsa2017-12/", }, { name: "DSA-3789", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2017/dsa-3789", }, { name: "[oss-security] 20170202 Re: Bugs fixed in libevent 2.1.6", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2017/02/02/7", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.mozilla.org/security/advisories/mfsa2017-11/", }, { name: "GLSA-201705-01", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/201705-01", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.mozilla.org/security/advisories/mfsa2017-10/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.mozilla.org/security/advisories/mfsa2017-13/", }, { name: "[oss-security] 20170131 Bugs fixed in libevent 2.1.6", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2017/01/31/17", }, { name: "1038320", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1038320", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.mozilla.org/show_bug.cgi?id=1343453", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/libevent/libevent/issues/318", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/libevent/libevent/blob/release-2.1.6-beta/ChangeLog", }, { name: "RHSA-2017:1104", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2017:1104", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/libevent/libevent/commit/329acc18a0768c21ba22522f01a5c7f46cacc4d5", }, { name: "RHSA-2017:1201", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2017:1201", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2016-10196", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Stack-based buffer overflow in the evutil_parse_sockaddr_port function in evutil.c in libevent before 2.1.6-beta allows attackers to cause a denial of service (segmentation fault) via vectors involving a long string in brackets in the ip_as_string argument.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "96014", refsource: "BID", url: "http://www.securityfocus.com/bid/96014", }, { name: "RHSA-2017:1106", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2017:1106", }, { name: "https://www.mozilla.org/security/advisories/mfsa2017-12/", refsource: "CONFIRM", url: "https://www.mozilla.org/security/advisories/mfsa2017-12/", }, { name: "DSA-3789", refsource: "DEBIAN", url: "http://www.debian.org/security/2017/dsa-3789", }, { name: "[oss-security] 20170202 Re: Bugs fixed in libevent 2.1.6", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2017/02/02/7", }, { name: "https://www.mozilla.org/security/advisories/mfsa2017-11/", refsource: "CONFIRM", url: "https://www.mozilla.org/security/advisories/mfsa2017-11/", }, { name: "GLSA-201705-01", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/201705-01", }, { name: "https://www.mozilla.org/security/advisories/mfsa2017-10/", refsource: "CONFIRM", url: "https://www.mozilla.org/security/advisories/mfsa2017-10/", }, { name: "https://www.mozilla.org/security/advisories/mfsa2017-13/", refsource: "CONFIRM", url: "https://www.mozilla.org/security/advisories/mfsa2017-13/", }, { name: "[oss-security] 20170131 Bugs fixed in libevent 2.1.6", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2017/01/31/17", }, { name: "1038320", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1038320", }, { name: "https://bugzilla.mozilla.org/show_bug.cgi?id=1343453", refsource: "CONFIRM", url: "https://bugzilla.mozilla.org/show_bug.cgi?id=1343453", }, { name: "https://github.com/libevent/libevent/issues/318", refsource: "CONFIRM", url: "https://github.com/libevent/libevent/issues/318", }, { name: "https://github.com/libevent/libevent/blob/release-2.1.6-beta/ChangeLog", refsource: "CONFIRM", url: "https://github.com/libevent/libevent/blob/release-2.1.6-beta/ChangeLog", }, { name: "RHSA-2017:1104", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2017:1104", }, { name: "https://github.com/libevent/libevent/commit/329acc18a0768c21ba22522f01a5c7f46cacc4d5", refsource: "CONFIRM", url: "https://github.com/libevent/libevent/commit/329acc18a0768c21ba22522f01a5c7f46cacc4d5", }, { name: "RHSA-2017:1201", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2017:1201", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2016-10196", datePublished: "2017-03-15T15:00:00", dateReserved: "2017-02-01T00:00:00", dateUpdated: "2024-08-06T03:14:42.884Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }