Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2015-6525

Опубликовано: 24 авг. 2015
Источник: nvd
CVSS2: 7.5
EPSS Низкий

Описание

Multiple integer overflows in the evbuffer API in Libevent 2.0.x before 2.0.22 and 2.1.x before 2.1.5-beta allow context-dependent attackers to cause a denial of service or possibly have other unspecified impact via "insanely large inputs" to the (1) evbuffer_add, (2) evbuffer_prepend, (3) evbuffer_expand, (4) exbuffer_reserve_space, or (5) evbuffer_read function, which triggers a heap-based buffer overflow or an infinite loop. NOTE: this identifier was SPLIT from CVE-2014-6272 per ADT3 due to different affected versions.

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:o:debian:debian_linux:7.1:*:*:*:*:*:*:*
Конфигурация 2

Одно из

cpe:2.3:a:libevent_project:libevent:2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:libevent_project:libevent:2.0.2:*:*:*:*:*:*:*
cpe:2.3:a:libevent_project:libevent:2.0.3:*:*:*:*:*:*:*
cpe:2.3:a:libevent_project:libevent:2.0.4:*:*:*:*:*:*:*
cpe:2.3:a:libevent_project:libevent:2.0.5:*:*:*:*:*:*:*
cpe:2.3:a:libevent_project:libevent:2.0.6:*:*:*:*:*:*:*
cpe:2.3:a:libevent_project:libevent:2.0.7:*:*:*:*:*:*:*
cpe:2.3:a:libevent_project:libevent:2.0.8:*:*:*:*:*:*:*
cpe:2.3:a:libevent_project:libevent:2.0.9:*:*:*:*:*:*:*
cpe:2.3:a:libevent_project:libevent:2.0.10:*:*:*:*:*:*:*
cpe:2.3:a:libevent_project:libevent:2.0.11:*:*:*:*:*:*:*
cpe:2.3:a:libevent_project:libevent:2.0.12:*:*:*:*:*:*:*
cpe:2.3:a:libevent_project:libevent:2.0.13:*:*:*:*:*:*:*
cpe:2.3:a:libevent_project:libevent:2.0.14:*:*:*:*:*:*:*
cpe:2.3:a:libevent_project:libevent:2.0.15:*:*:*:*:*:*:*
cpe:2.3:a:libevent_project:libevent:2.0.16:*:*:*:*:*:*:*
cpe:2.3:a:libevent_project:libevent:2.0.17:*:*:*:*:*:*:*
cpe:2.3:a:libevent_project:libevent:2.0.18:*:*:*:*:*:*:*
cpe:2.3:a:libevent_project:libevent:2.0.19:*:*:*:*:*:*:*
cpe:2.3:a:libevent_project:libevent:2.0.20:*:*:*:*:*:*:*
cpe:2.3:a:libevent_project:libevent:2.0.21:*:*:*:*:*:*:*
cpe:2.3:a:libevent_project:libevent:2.1.1:*:*:*:*:*:*:*
cpe:2.3:a:libevent_project:libevent:2.1.2:*:*:*:*:*:*:*
cpe:2.3:a:libevent_project:libevent:2.1.3:*:*:*:*:*:*:*
cpe:2.3:a:libevent_project:libevent:2.1.4:*:*:*:*:*:*:*

EPSS

Процентиль: 77%
0.0107
Низкий

7.5 High

CVSS2

Дефекты

CWE-189

Связанные уязвимости

ubuntu логотип

CVE-2015-6525

ubuntu
больше 10 лет назад

Multiple integer overflows in the evbuffer API in Libevent 2.0.x before 2.0.22 and 2.1.x before 2.1.5-beta allow context-dependent attackers to cause a denial of service or possibly have other unspecified impact via "insanely large inputs" to the (1) evbuffer_add, (2) evbuffer_prepend, (3) evbuffer_expand, (4) exbuffer_reserve_space, or (5) evbuffer_read function, which triggers a heap-based buffer overflow or an infinite loop. NOTE: this identifier was SPLIT from CVE-2014-6272 per ADT3 due to different affected versions.

redhat логотип

CVE-2015-6525

redhat
больше 10 лет назад

Multiple integer overflows in the evbuffer API in Libevent 2.0.x before 2.0.22 and 2.1.x before 2.1.5-beta allow context-dependent attackers to cause a denial of service or possibly have other unspecified impact via "insanely large inputs" to the (1) evbuffer_add, (2) evbuffer_prepend, (3) evbuffer_expand, (4) exbuffer_reserve_space, or (5) evbuffer_read function, which triggers a heap-based buffer overflow or an infinite loop. NOTE: this identifier was SPLIT from CVE-2014-6272 per ADT3 due to different affected versions.

debian логотип

CVE-2015-6525

debian
больше 10 лет назад

Multiple integer overflows in the evbuffer API in Libevent 2.0.x befor ...

github логотип

GHSA-xfhg-qx7p-6gx5

github
больше 3 лет назад

Multiple integer overflows in the evbuffer API in Libevent 2.0.x before 2.0.22 and 2.1.x before 2.1.5-beta allow context-dependent attackers to cause a denial of service or possibly have other unspecified impact via "insanely large inputs" to the (1) evbuffer_add, (2) evbuffer_prepend, (3) evbuffer_expand, (4) exbuffer_reserve_space, or (5) evbuffer_read function, which triggers a heap-based buffer overflow or an infinite loop. NOTE: this identifier was SPLIT from CVE-2014-6272 per ADT3 due to different affected versions.

fstec логотип

BDU:2015-11273

fstec
больше 10 лет назад

Уязвимости библиотеки Libevent, позволяющие нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 77%
0.0107
Низкий

7.5 High

CVSS2

Дефекты

CWE-189