5 results (0.018 seconds)

CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1

The search_make_new function in evdns.c in libevent before 2.1.6-beta allows attackers to cause a denial of service (out-of-bounds read) via an empty hostname. La función search_make_new en evdns.c en libevent en versiones anteriores a 2.1.6-beta permite a atacantes provocar una denegación de servicio (fuera de límites de lectura) a través de un nombre de host vacío. An out of bounds read vulnerability was found in libevent in the search_make_new function. If an attacker could cause an application using libevent to attempt resolving an empty hostname, an out of bounds read could occur possibly leading to a crash. • http://www.debian.org/security/2017/dsa-3789 http://www.openwall.com/lists/oss-security/2017/01/31/17 http://www.openwall.com/lists/oss-security/2017/02/02/7 http://www.securityfocus.com/bid/96014 http://www.securitytracker.com/id/1038320 https://access.redhat.com/errata/RHSA-2017:1104 https://access.redhat.com/errata/RHSA-2017:1106 https://access.redhat.com/errata/RHSA-2017:1201 https://github.com/libevent/libevent/blob/release-2.1.6-beta/ChangeLog https: • CWE-125: Out-of-bounds Read •

CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1

The name_parse function in evdns.c in libevent before 2.1.6-beta allows remote attackers to have unspecified impact via vectors involving the label_len variable, which triggers an out-of-bounds stack read. La función name_parse en evdns.c en libevent en versiones anteriores a 2.1.6-beta permite a atacantes remotos tener un impacto no especificado a través de vectores que implican la variable label_len, lo que desencadena una lectura de pila fuera de los límites. A vulnerability was found in libevent with the parsing of DNS requests and replies. An attacker could send a forged DNS response to an application using libevent which could lead to reading data out of bounds on the heap, potentially disclosing a small amount of application memory. • http://www.debian.org/security/2017/dsa-3789 http://www.openwall.com/lists/oss-security/2017/01/31/17 http://www.openwall.com/lists/oss-security/2017/02/02/7 http://www.securityfocus.com/bid/96014 http://www.securitytracker.com/id/1038320 https://access.redhat.com/errata/RHSA-2017:1104 https://access.redhat.com/errata/RHSA-2017:1106 https://access.redhat.com/errata/RHSA-2017:1201 https://github.com/libevent/libevent/blob/release-2.1.6-beta/ChangeLog https: • CWE-125: Out-of-bounds Read •

CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 1

Stack-based buffer overflow in the evutil_parse_sockaddr_port function in evutil.c in libevent before 2.1.6-beta allows attackers to cause a denial of service (segmentation fault) via vectors involving a long string in brackets in the ip_as_string argument. Desbordamiento de búfer en la función evutil_parse_sockaddr_port en evutil.c en libevent en versiones anteriores a 2.1.6-beta permite a atacantes provocar una denegación de servicio (fallo de segmentación) a través de vectores que implican una cadena larga entre corchetes en el argumento ip_as_string. A vulnerability was found in libevent with the parsing of IPv6 addresses. If an attacker could cause an application using libevent to parse a malformed address in IPv6 notation of more than 2GiB in length, a stack overflow would occur leading to a crash. • http://www.debian.org/security/2017/dsa-3789 http://www.openwall.com/lists/oss-security/2017/01/31/17 http://www.openwall.com/lists/oss-security/2017/02/02/7 http://www.securityfocus.com/bid/96014 http://www.securitytracker.com/id/1038320 https://access.redhat.com/errata/RHSA-2017:1104 https://access.redhat.com/errata/RHSA-2017:1106 https://access.redhat.com/errata/RHSA-2017:1201 https://bugzilla.mozilla.org/show_bug.cgi?id=1343453 https://github.com/libeve • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •

CVSS: 7.5EPSS: 0%CPEs: 26EXPL: 0

Multiple integer overflows in the evbuffer API in Libevent 2.0.x before 2.0.22 and 2.1.x before 2.1.5-beta allow context-dependent attackers to cause a denial of service or possibly have other unspecified impact via "insanely large inputs" to the (1) evbuffer_add, (2) evbuffer_prepend, (3) evbuffer_expand, (4) exbuffer_reserve_space, or (5) evbuffer_read function, which triggers a heap-based buffer overflow or an infinite loop. NOTE: this identifier was SPLIT from CVE-2014-6272 per ADT3 due to different affected versions. Vulnerabilidad de desbordamientos de entero múltiple en la API evbuffer en Libevent 2.0.x en versiones anteriores a 2.0.22 y 2.1.x en versiones anteriores a 2.1.5-beta, permite a atacantes dependientes del contexto causar una denegación de servicio o posiblemente tener otro impacto no especificado a través de 'entradas increíblemente grandes' en la función (1) evbuffer_add, (2) evbuffer_prepend, (3) evbuffer_expand, (4) exbuffer_reserve_space o (5) evbuffer_read, lo que desencadena un desbordamiento de buffer basado en memoria dinámica o un bucle infinito. NOTA: este identificador ha sido SEPARADO de CVE-2014-6272 por ADT3 debido a las diferentes versiones afectadas. • http://archives.seul.org/libevent/users/Jan-2015/msg00010.html http://www.debian.org/security/2015/dsa-3119 • CWE-189: Numeric Errors •

CVSS: 7.5EPSS: 0%CPEs: 41EXPL: 0

Multiple integer overflows in the evbuffer API in Libevent 1.4.x before 1.4.15, 2.0.x before 2.0.22, and 2.1.x before 2.1.5-beta allow context-dependent attackers to cause a denial of service or possibly have other unspecified impact via "insanely large inputs" to the (1) evbuffer_add, (2) evbuffer_expand, or (3) bufferevent_write function, which triggers a heap-based buffer overflow or an infinite loop. NOTE: this identifier has been SPLIT per ADT3 due to different affected versions. See CVE-2015-6525 for the functions that are only affected in 2.0 and later. Vulnerabilidad de desbordamientos de entero múltiple en la API evbuffer en Libevent 1.4.x en versiones anteriores a 1.4.15, 2.0.x en versiones anteriores a 2.0.22 y 2.1.x en versiones anteriores a 2.1.5-beta, permite a atacantes dependientes del contexto causar una denegación de servicio o posiblemente tener otro impacto no especificado a través de 'entradas increíblemente grandes' en la función (1) evbuffer_add, (2) evbuffer_expand o (3) bufferevent_write, lo que desencadena un desbordamiento de buffer basado en memoria dinámica o un bucle infinito. NOTA: este identificador ha sido SEPARADO por ADT3 debido a diferentes versiones afectadas. • http://archives.seul.org/libevent/users/Jan-2015/msg00010.html http://www.debian.org/security/2015/dsa-3119 http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.366317 https://puppet.com/security/cve/CVE-2014-6272 • CWE-189: Numeric Errors •