[FREEBSD:B8EE7A81-A879-4358-9B30-7DD1BD4C14B1] libevent -- multiple vulnerabilities

Severity Critical

Affected Packages 1

CVEs 3

Debian Security reports:

  CVE-2016-10195: The name_parse function in evdns.c in
    libevent before 2.1.6-beta allows remote attackers to have
    unspecified impact via vectors involving the label_len
    variable, which triggers an out-of-bounds stack read.
  CVE-2016-10196: Stack-based buffer overflow in the
    evutil_parse_sockaddr_port function in evutil.c in libevent
    before 2.1.6-beta allows attackers to cause a denial of
    service (segmentation fault) via vectors involving a long
    string in brackets in the ip_as_string argument.
  CVE-2016-10197: The search_make_new function in evdns.c
    in libevent before 2.1.6-beta allows attackers to cause a
    denial of service (out-of-bounds read) via an empty
    hostname.

Package	Affected Version
pkg:freebsd/libevent	< 2.1.6

ID

FREEBSD:B8EE7A81-A879-4358-9B30-7DD1BD4C14B1

Severity

critical

Severity from

CVE-2016-10195

URL

http://vuxml.freebsd.org/freebsd/b8ee7a81-a879-4358-9b30-7dd1bd4c14b1.html

Published

2017-01-31T00:00:00
(7 years ago)

Modified

2017-04-19T00:00:00
(7 years ago)

Rights

FreeBSD VuXML Security Team

Other Advisories

Source	# ID	Name	URL
FreeBSD VuXML			http://www.openwall.com/lists/oss-security/2017/01/31/17
FreeBSD VuXML			https://github.com/libevent/libevent/issues/317
FreeBSD VuXML			https://github.com/libevent/libevent/issues/318
FreeBSD VuXML			https://github.com/libevent/libevent/issues/332
FreeBSD VuXML			https://github.com/libevent/libevent/issues/335

Type	Package URL	Namespace	Name / Product	Version	Distribution / Platform	Arch	Patch / Fix
Affected	pkg:freebsd/libevent		libevent	< 2.1.6

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date