[FREEBSD:B8EE7A81-A879-4358-9B30-7DD1BD4C14B1] libevent -- multiple vulnerabilities
Severity
Critical
Affected Packages
1
CVEs
3
Debian Security reports:
CVE-2016-10195: The name_parse function in evdns.c in
libevent before 2.1.6-beta allows remote attackers to have
unspecified impact via vectors involving the label_len
variable, which triggers an out-of-bounds stack read.
CVE-2016-10196: Stack-based buffer overflow in the
evutil_parse_sockaddr_port function in evutil.c in libevent
before 2.1.6-beta allows attackers to cause a denial of
service (segmentation fault) via vectors involving a long
string in brackets in the ip_as_string argument.
CVE-2016-10197: The search_make_new function in evdns.c
in libevent before 2.1.6-beta allows attackers to cause a
denial of service (out-of-bounds read) via an empty
hostname.
Package | Affected Version |
---|---|
pkg:freebsd/libevent | < 2.1.6 |
- ID
- FREEBSD:B8EE7A81-A879-4358-9B30-7DD1BD4C14B1
- Severity
- critical
- Severity from
- CVE-2016-10195
- URL
- http://vuxml.freebsd.org/freebsd/b8ee7a81-a879-4358-9b30-7dd1bd4c14b1.html
- Published
-
2017-01-31T00:00:00
(7 years ago) - Modified
-
2017-04-19T00:00:00
(7 years ago) - Rights
- FreeBSD VuXML Security Team
- Other Advisories
-
- ALPINE:CVE-2016-10195
- ALPINE:CVE-2016-10196
- ALPINE:CVE-2016-10197
- DSA-3789-1
- ELSA-2017-1201
- GLSA-201705-01
- GLSA-201802-03
- MFSA-2017-10
- MFSA-2017-11
- MFSA-2017-12
- MFSA-2017-13
- RHSA-2017:1104
- RHSA-2017:1106
- RHSA-2017:1201
- SUSE-SU-2017:1669-1
- SUSE-SU-2017:2235-1
- SUSE-SU-2018:0200-1
- SUSE-SU-2018:0263-1
- USN-3228-1
- USN-3278-1
Source | # ID | Name | URL |
---|---|---|---|
FreeBSD VuXML | http://www.openwall.com/lists/oss-security/2017/01/31/17 | ||
FreeBSD VuXML | https://github.com/libevent/libevent/issues/317 | ||
FreeBSD VuXML | https://github.com/libevent/libevent/issues/318 | ||
FreeBSD VuXML | https://github.com/libevent/libevent/issues/332 | ||
FreeBSD VuXML | https://github.com/libevent/libevent/issues/335 |
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:freebsd/libevent | libevent | < 2.1.6 |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |