5 matches found
CVE-2016-10195
CVE-2016-10195 affects libevent’s evdns.c name_parse function, where handling of label_len can trigger an out-of-bounds stack read. The vulnerability exists in libevent versions prior to 2.1.6-beta, and is described as having unspecified impact for remote attackers via the label_len-related ...
CVE-2016-10197
CVE-2016-10197 affects libevent’s evdns.c: the search_make_new function in libevent before 2.1.6-beta can trigger an out-of-bounds read via an empty hostname, leading to denial of service. Affected product is libevent (evdns.c); fixed in the 2.1.6-beta release. Several external advisories referen...
CVE-2016-10196
CVE-2016-10196: A stack-based buffer overflow in libevent’s evutil_parse_sockaddr_port (evutil.c) before 2.1.6-beta allows a crafted long string in ip_as_string to cause a denial-of-service (segmentation fault). Affected software is libevent prior to 2.1.6-beta; the description notes the fix in ...
CVE-2014-6272
Libevent’s evbuffer API contains multiple integer overflows in affected versions: 1.4.x before 1.4.15, 2.0.x before 2.0.22, and 2.1.x before 2.1.5-beta. An attacker providing insanely large inputs to evbuffer_add, evbuffer_expand, or bufferevent_write can trigger a heap-based buffer overflow or a...
CVE-2015-6525
CVE-2015-6525 affects Libevent’s evbuffer API. Affected: Libevent 2.0.x before 2.0.22 and 2.1.x before 2.1.5-beta; also 1.4.x is split per ADT3 but not required for 2.0/2.1. The vulnerability arises from multiple integer overflows in functions including evbuffer_add, evbuffer_prepend, evbuffer_ex...