Lucene search
UbuntuUSN-2477-1HistoryJan 19, 2015 - 12:00 a.m.
libevent vulnerability
2015-01-1900:00:00
ubuntu.com
39
9.8 High
AI Score
Confidence
High
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.005 Low
EPSS
Percentile
75.1%
Releases
- Ubuntu 14.10
- Ubuntu 14.04 ESM
- Ubuntu 12.04
- Ubuntu 10.04
Packages
- libevent - Asynchronous event notification library
Details
Andrew Bartlett discovered that libevent incorrectly handled large inputs
to the evbuffer API. A remote attacker could possibly use this issue with
an application that uses libevent to cause a denial of service, or possibly
execute arbitrary code.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Ubuntu | 14.10 | noarch | libevent-2.0-5 | < 2.0.21-stable-1ubuntu1.14.10.1 | UNKNOWN |
| Ubuntu | 14.10 | noarch | libevent-core-2.0-5 | < 2.0.21-stable-1ubuntu1.14.10.1 | UNKNOWN |
| Ubuntu | 14.10 | noarch | libevent-dbg | < 2.0.21-stable-1ubuntu1.14.10.1 | UNKNOWN |
| Ubuntu | 14.10 | noarch | libevent-dev | < 2.0.21-stable-1ubuntu1.14.10.1 | UNKNOWN |
| Ubuntu | 14.10 | noarch | libevent-extra-2.0-5 | < 2.0.21-stable-1ubuntu1.14.10.1 | UNKNOWN |
| Ubuntu | 14.10 | noarch | libevent-openssl-2.0-5 | < 2.0.21-stable-1ubuntu1.14.10.1 | UNKNOWN |
| Ubuntu | 14.10 | noarch | libevent-pthreads-2.0-5 | < 2.0.21-stable-1ubuntu1.14.10.1 | UNKNOWN |
| Ubuntu | 14.04 | noarch | libevent-2.0-5 | < 2.0.21-stable-1ubuntu1.14.04.1 | UNKNOWN |
| Ubuntu | 14.04 | noarch | libevent-core-2.0-5 | < 2.0.21-stable-1ubuntu1.14.04.1 | UNKNOWN |
| Ubuntu | 14.04 | noarch | libevent-dbg | < 2.0.21-stable-1ubuntu1.14.04.1 | UNKNOWN |
References
Related
nessus
nessus
SuSE 11.3 Security Update : libevent (SAT Patch Number 9824)
2014-10-11 00:00:00
Debian DLA-137-1 : libevent security update
2015-03-26 00:00:00
openvas
openvas
Huawei EulerOS: Security Advisory for libevent (EulerOS-SA-2018-1164)
2020-01-23 00:00:00
Slackware: Security Advisory (SSA:2016-085-01)
2022-04-21 00:00:00
Debian: Security Advisory (DLA-137-1)
2023-03-08 00:00:00
freebsd
freebsd
libevent -- integer overflow in evbuffers
2015-01-05 00:00:00
securityvulns
securityvulns
[ MDVSA-2015:017 ] libevent
2015-01-13 00:00:00
libevent integer overflow
2015-01-13 00:00:00
debian
debian
[SECURITY] [DSA 3119-1] libevent security update
2015-01-06 07:23:13
[SECURITY] [DSA 3119-1] libevent security update
2015-01-06 07:23:38
[SECURITY] [DLA 137-1] libevent security update
2015-01-26 10:50:24
archlinux
archlinux
libevent: heap overflow
2015-01-13 00:00:00
veracode
veracode
Remote Code Execution (RCE)
2018-06-11 09:28:38
mageia
mageia
Updated libevent packages fix CVE-2014-6272
2015-01-07 18:14:58
gentoo
gentoo
libevent: User-assisted execution of arbitrary code
2015-02-07 00:00:00
slackware
slackware
[slackware-security] libevent
2016-03-25 21:59:27
debiancve
debiancve
CVE-2014-6272
2015-08-24 14:59:00
CVE-2015-6525
2015-08-24 14:59:00
prion
prion
Integer overflow
2015-08-24 14:59:00
Integer overflow
2015-08-24 14:59:00
osv
osv
libevent - security update
2015-01-06 00:00:00
cve
cve
CVE-2014-6272
2015-08-24 14:59:00
CVE-2015-6525
2015-08-24 14:59:00
amazon
amazon
Medium: libevent
2019-11-11 17:38:00
ubuntucve
ubuntucve
CVE-2015-6525
2015-08-24 00:00:00
CVE-2014-6272
2015-01-06 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2021-1869
2021-07-02 17:13:48
9.8 High
AI Score
Confidence
High
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.005 Low
EPSS
Percentile
75.1%
Related for USN-2477-1