Multiple integer overflows in the evbuffer API in Libevent 2.0.x before 2.0.22 and 2.1.x before 2.1.5-beta allow context-dependent attackers to cause a denial of service or possibly have other unspecified impact via "insanely large inputs" to the (1) evbuffer_add, (2) evbuffer_prepend, (3) evbuffer_expand, (4) exbuffer_reserve_space, or (5) evbuffer_read function, which triggers a heap-based buffer overflow or an infinite loop. NOTE: this identifier was SPLIT from CVE-2014-6272 per ADT3 due to different affected versions.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P
Vendors Products
Debian
  • Debian Linux
Libevent Project
  • Libevent

Configuration 1 [-]

cpe:2.3:o:debian:debian_linux:7.1:*:*:*:*:*:*:*

Configuration 2 [-]

OR cpe:2.3:a:libevent_project:libevent:2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:libevent_project:libevent:2.0.2:*:*:*:*:*:*:*
cpe:2.3:a:libevent_project:libevent:2.0.3:*:*:*:*:*:*:*
cpe:2.3:a:libevent_project:libevent:2.0.4:*:*:*:*:*:*:*
cpe:2.3:a:libevent_project:libevent:2.0.5:*:*:*:*:*:*:*
cpe:2.3:a:libevent_project:libevent:2.0.6:*:*:*:*:*:*:*
cpe:2.3:a:libevent_project:libevent:2.0.7:*:*:*:*:*:*:*
cpe:2.3:a:libevent_project:libevent:2.0.8:*:*:*:*:*:*:*
cpe:2.3:a:libevent_project:libevent:2.0.9:*:*:*:*:*:*:*
cpe:2.3:a:libevent_project:libevent:2.0.10:*:*:*:*:*:*:*
cpe:2.3:a:libevent_project:libevent:2.0.11:*:*:*:*:*:*:*
cpe:2.3:a:libevent_project:libevent:2.0.12:*:*:*:*:*:*:*
cpe:2.3:a:libevent_project:libevent:2.0.13:*:*:*:*:*:*:*
cpe:2.3:a:libevent_project:libevent:2.0.14:*:*:*:*:*:*:*
cpe:2.3:a:libevent_project:libevent:2.0.15:*:*:*:*:*:*:*
cpe:2.3:a:libevent_project:libevent:2.0.16:*:*:*:*:*:*:*
cpe:2.3:a:libevent_project:libevent:2.0.17:*:*:*:*:*:*:*
cpe:2.3:a:libevent_project:libevent:2.0.18:*:*:*:*:*:*:*
cpe:2.3:a:libevent_project:libevent:2.0.19:*:*:*:*:*:*:*
cpe:2.3:a:libevent_project:libevent:2.0.20:*:*:*:*:*:*:*
cpe:2.3:a:libevent_project:libevent:2.0.21:*:*:*:*:*:*:*
cpe:2.3:a:libevent_project:libevent:2.1.1:*:*:*:*:*:*:*
cpe:2.3:a:libevent_project:libevent:2.1.2:*:*:*:*:*:*:*
cpe:2.3:a:libevent_project:libevent:2.1.3:*:*:*:*:*:*:*
cpe:2.3:a:libevent_project:libevent:2.1.4:*:*:*:*:*:*:*
References
Link Resource
http://archives.seul.org/libevent/users/Jan-2015/msg00010.html Vendor Advisory
http://www.debian.org/security/2015/dsa-3119
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2015-08-24T14:00:00

Updated: 2015-08-24T13:57:02

Reserved: 2015-08-20T00:00:00

Link: CVE-2015-6525

JSON object: View

cve-icon NVD Information

Status : Analyzed

Published: 2015-08-24T14:59:14.133

Modified: 2015-08-26T02:56:08.343

Link: CVE-2015-6525

JSON object: View

cve-icon Redhat Information

No data.

CWE