Veracode Vulnerability DatabaseVERACODE:45056Buffer Overflow
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.3 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
41.1%
libuev.so is vulnerable to Buffer Overflow. The vulnerability is due to insufficient maxevents validation within uev.c. An attacker can perform a buffer overflow by submitting a large maxevents value.
| CPE | Name | Operator | Version |
|---|---|---|---|
| libuev.so | le | 3.0.0-2.4.0-1.el8.x86_64.debug | |
| libuev.so | le | 3.0.0-2.4.0-1.el8.x86_64.debug |
References
github.com/troglobit/libuev/commit/2d9f1c9ce655cc38511aeeb6e95ac30914f7aec9
github.com/troglobit/libuev/compare/v2.4.0...v2.4.1
github.com/troglobit/libuev/issues/27
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2J4UB4KXWCCTZCE53B6SFIREZ57INK7T/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E6RLVLJGDKTEVJP446TFDANHB4LHRAOP/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P2XZESYGE6XDWAPFUOX26ZWJV2JWMMM5/
Related
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.3 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
41.1%