CVE-2014-6272

Published: 24/08/2015 Updated: 09/12/2017
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Multiple integer overflows in the evbuffer API in Libevent 1.4.x prior to 1.4.15, 2.0.x prior to 2.0.22, and 2.1.x prior to 2.1.5-beta allow context-dependent malicious users to cause a denial of service or possibly have other unspecified impact via "insanely large inputs" to the (1) evbuffer_add, (2) evbuffer_expand, or (3) bufferevent_write function, which triggers a heap-based buffer overflow or an infinite loop. NOTE: this identifier has been SPLIT per ADT3 due to different affected versions. See CVE-2015-6525 for the functions that are only affected in 2.0 and later.

Vulnerable Product

debian debian linux 7.0

libevent project libevent 1.4.5

libevent project libevent 1.4.6

libevent project libevent 1.4.13

libevent project libevent 1.4.14

libevent project libevent 2.0.8

libevent project libevent 2.0.9

libevent project libevent 2.0.16

libevent project libevent 2.0.17

libevent project libevent 2.1.3

libevent project libevent 2.1.4

libevent project libevent 1.4.1

libevent project libevent 1.4.2

libevent project libevent 1.4.9

libevent project libevent 1.4.10

libevent project libevent 2.0.4

libevent project libevent 2.0.5

libevent project libevent 2.0.12

libevent project libevent 2.0.13

libevent project libevent 2.0.20

libevent project libevent 2.0.21

libevent project libevent 1.4.0

libevent project libevent 1.4.7

libevent project libevent 1.4.8

libevent project libevent 2.0.1

libevent project libevent 2.0.2

libevent project libevent 2.0.3

libevent project libevent 2.0.10

libevent project libevent 2.0.11

libevent project libevent 2.0.18

libevent project libevent 2.0.19

libevent project libevent 1.4.3

libevent project libevent 1.4.4

libevent project libevent 1.4.11

libevent project libevent 1.4.12

libevent project libevent 2.0.6

libevent project libevent 2.0.7

libevent project libevent 2.0.14

libevent project libevent 2.0.15

libevent project libevent 2.1.1

libevent project libevent 2.1.2

Vendor Advisories

Debian Bug report logs - #774645
libevent: CVE-2014-6272: potential heap overflow in buffer/bufferevent APIs
Package: src:libevent; Maintainer for src:libevent is Anibal Monsalve Salazar <anibal@debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Mon, 5 Jan 2015 17:51:01 UTC
Severity: grave
Tags ...
libevent could be made to crash or run programs if it processed specially crafted data ...
Multiple integer overflows in the evbuffer API in Libevent 1.4.x before 1.4.15, 2.0.x before 2.0.22, and 2.1.x before 2.1.5-beta allow context-dependent attackers to cause a denial of service or possibly have other unspecified impact via "insanely large inputs" to the (1) evbuffer_add, (2) evbuffer_expand, or (3) bufferevent_write function, which t ...