Multiple integer overflows in the evbuffer API in Libevent 1.4.x before 1.4.15, 2.0.x before 2.0.22, and 2.1.x before 2.1.5-beta allow context-dependent attackers to cause a denial of service or possibly have other unspecified impact via "insanely large inputs" to the (1) evbuffer_add, (2) evbuffer_expand, or (3) bufferevent_write function, which triggers a heap-based buffer overflow or an infinite loop. NOTE: this identifier has been SPLIT per ADT3 due to different affected versions. See CVE-2015-6525 for the functions that are only affected in 2.0 and later.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P
Vendors Products
Debian
  • Debian Linux
Libevent Project
  • Libevent

Configuration 1 [-]

cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*

Configuration 2 [-]

OR cpe:2.3:a:libevent_project:libevent:1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:libevent_project:libevent:1.4.1:*:*:*:*:*:*:*
cpe:2.3:a:libevent_project:libevent:1.4.2:*:*:*:*:*:*:*
cpe:2.3:a:libevent_project:libevent:1.4.3:*:*:*:*:*:*:*
cpe:2.3:a:libevent_project:libevent:1.4.4:*:*:*:*:*:*:*
cpe:2.3:a:libevent_project:libevent:1.4.5:*:*:*:*:*:*:*
cpe:2.3:a:libevent_project:libevent:1.4.6:*:*:*:*:*:*:*
cpe:2.3:a:libevent_project:libevent:1.4.7:*:*:*:*:*:*:*
cpe:2.3:a:libevent_project:libevent:1.4.8:*:*:*:*:*:*:*
cpe:2.3:a:libevent_project:libevent:1.4.9:*:*:*:*:*:*:*
cpe:2.3:a:libevent_project:libevent:1.4.10:*:*:*:*:*:*:*
cpe:2.3:a:libevent_project:libevent:1.4.11:*:*:*:*:*:*:*
cpe:2.3:a:libevent_project:libevent:1.4.12:*:*:*:*:*:*:*
cpe:2.3:a:libevent_project:libevent:1.4.13:*:*:*:*:*:*:*
cpe:2.3:a:libevent_project:libevent:1.4.14:*:*:*:*:*:*:*
cpe:2.3:a:libevent_project:libevent:2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:libevent_project:libevent:2.0.2:*:*:*:*:*:*:*
cpe:2.3:a:libevent_project:libevent:2.0.3:*:*:*:*:*:*:*
cpe:2.3:a:libevent_project:libevent:2.0.4:*:*:*:*:*:*:*
cpe:2.3:a:libevent_project:libevent:2.0.5:*:*:*:*:*:*:*
cpe:2.3:a:libevent_project:libevent:2.0.6:*:*:*:*:*:*:*
cpe:2.3:a:libevent_project:libevent:2.0.7:*:*:*:*:*:*:*
cpe:2.3:a:libevent_project:libevent:2.0.8:*:*:*:*:*:*:*
cpe:2.3:a:libevent_project:libevent:2.0.9:*:*:*:*:*:*:*
cpe:2.3:a:libevent_project:libevent:2.0.10:*:*:*:*:*:*:*
cpe:2.3:a:libevent_project:libevent:2.0.11:*:*:*:*:*:*:*
cpe:2.3:a:libevent_project:libevent:2.0.12:*:*:*:*:*:*:*
cpe:2.3:a:libevent_project:libevent:2.0.13:*:*:*:*:*:*:*
cpe:2.3:a:libevent_project:libevent:2.0.14:*:*:*:*:*:*:*
cpe:2.3:a:libevent_project:libevent:2.0.15:*:*:*:*:*:*:*
cpe:2.3:a:libevent_project:libevent:2.0.16:*:*:*:*:*:*:*
cpe:2.3:a:libevent_project:libevent:2.0.17:*:*:*:*:*:*:*
cpe:2.3:a:libevent_project:libevent:2.0.18:*:*:*:*:*:*:*
cpe:2.3:a:libevent_project:libevent:2.0.19:*:*:*:*:*:*:*
cpe:2.3:a:libevent_project:libevent:2.0.20:*:*:*:*:*:*:*
cpe:2.3:a:libevent_project:libevent:2.0.21:*:*:*:*:*:*:*
cpe:2.3:a:libevent_project:libevent:2.1.1:*:*:*:*:*:*:*
cpe:2.3:a:libevent_project:libevent:2.1.2:*:*:*:*:*:*:*
cpe:2.3:a:libevent_project:libevent:2.1.3:*:*:*:*:*:*:*
cpe:2.3:a:libevent_project:libevent:2.1.4:*:*:*:*:*:*:*
References
Link Resource
http://archives.seul.org/libevent/users/Jan-2015/msg00010.html Vendor Advisory
http://www.debian.org/security/2015/dsa-3119
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.366317
https://puppet.com/security/cve/CVE-2014-6272
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: debian

Published: 2015-08-24T14:00:00

Updated: 2017-12-08T10:57:01

Reserved: 2014-09-09T00:00:00

Link: CVE-2014-6272

JSON object: View

cve-icon NVD Information

Status : Modified

Published: 2015-08-24T14:59:01.353

Modified: 2017-12-09T02:29:03.687

Link: CVE-2014-6272

JSON object: View

cve-icon Redhat Information

No data.

CWE