Multiple integer overflows in the evbuffer API in Libevent 2.0.x before 2.0.22 and 2.1.x before 2.1.5-beta allow context-dependent attackers to cause a denial of service or possibly have other unspecified impact via "insanely large inputs" to the (1) evbuffer_add, (2) evbuffer_prepend, (3) evbuffer_expand, (4) exbuffer_reserve_space, or (5) evbuffer_read function, which triggers a heap-based buffer overflow or an infinite loop. NOTE: this identifier was SPLIT from CVE-2014-6272 per ADT3 due to different affected versions.
Vector
NETWORK
Complexity
LOW
Authentication
NONE
Confidentiality
PARTIAL
Integrity
PARTIAL
Availability
PARTIAL
Libevent project Libevent 2.0.19 (not an official CPE)
Libevent project Libevent 2.0.18 (not an official CPE)
Libevent project Libevent 2.0.17 (not an official CPE)
Libevent project Libevent 2.0.21 (not an official CPE)
Libevent project Libevent 2.0.20 (not an official CPE)
Libevent project Libevent 2.0.5 (not an official CPE)
Libevent project Libevent 2.1.4 (not an official CPE)
Libevent project Libevent 2.0.4 (not an official CPE)
Libevent project Libevent 2.1.3 (not an official CPE)
Libevent project Libevent 2.0.12 (not an official CPE)
Libevent project Libevent 2.0.11 (not an official CPE)
Libevent project Libevent 2.0.10 (not an official CPE)
Libevent project Libevent 2.0.1 (not an official CPE)
Libevent project Libevent 2.0.16 (not an official CPE)
Libevent project Libevent 2.0.15 (not an official CPE)
Libevent project Libevent 2.0.14 (not an official CPE)
Libevent project Libevent 2.0.13 (not an official CPE)
Libevent project Libevent 2.0.3 (not an official CPE)
Libevent project Libevent 2.1.2 (not an official CPE)
Libevent project Libevent 2.0.2 (not an official CPE)
Libevent project Libevent 2.1.1 (not an official CPE)
Libevent project Libevent 2.0.9 (not an official CPE)
Libevent project Libevent 2.0.8 (not an official CPE)
Libevent project Libevent 2.0.7 (not an official CPE)
Libevent project Libevent 2.0.6 (not an official CPE)
| Advisory | Patch | Confirmed | Link |
|---|---|---|---|
| DSA-3119 | |||
| [Libevent-users] 20150105 Advisory: integer overflow in ... |