Description
The name_parse function in evdns.c in libevent before 2.1.6-beta allows remote attackers to have unspecified impact via vectors involving the label_len variable, which triggers an out-of-bounds stack read.
A vulnerability was found in libevent with the parsing of DNS requests and replies. An attacker could send a forged DNS response to an application using libevent which could lead to reading data out of bounds on the heap, potentially disclosing a small amount of application memory.
Affected packages
Platform | Package | State | Recommendation | Release |
---|---|---|---|---|
Red Hat Enterprise Linux 5 | firefox | Will not fix | | |
Red Hat Enterprise Linux 5 | libevent | Will not fix | | |
Red Hat Enterprise Linux 5 | nfs-utils | Not affected | | |
Red Hat Enterprise Linux 5 | openmpi | Not affected | | |
Red Hat Enterprise Linux 5 | thunderbird | Will not fix | | |
Red Hat Enterprise Linux 6 | chromium-browser | Not affected | | |
Red Hat Enterprise Linux 6 | libevent | Will not fix | | |
Red Hat Enterprise Linux 6 | nfs-utils | Not affected | | |
Red Hat Enterprise Linux 6 | openmpi | Not affected | | |
Red Hat Enterprise Linux 7 | libevent | Will not fix | | |
Additional information
Status:
EPSS
CVSS3: 9.8 Critical