Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2016-10196

Опубликовано: 27 янв. 2016
Источник: redhat
CVSS3: 7.5

Описание

Stack-based buffer overflow in the evutil_parse_sockaddr_port function in evutil.c in libevent before 2.1.6-beta allows attackers to cause a denial of service (segmentation fault) via vectors involving a long string in brackets in the ip_as_string argument.

A vulnerability was found in libevent with the parsing of IPv6 addresses. If an attacker could cause an application using libevent to parse a malformed address in IPv6 notation of more than 2GiB in length, a stack overflow would occur leading to a crash.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5firefoxWill not fix
Red Hat Enterprise Linux 5libeventNot affected
Red Hat Enterprise Linux 5nfs-utilsNot affected
Red Hat Enterprise Linux 5openmpiNot affected
Red Hat Enterprise Linux 5thunderbirdWill not fix
Red Hat Enterprise Linux 6chromium-browserNot affected
Red Hat Enterprise Linux 6libeventNot affected
Red Hat Enterprise Linux 6nfs-utilsNot affected
Red Hat Enterprise Linux 6openmpiNot affected
Red Hat Enterprise Linux 7libeventWill not fix

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-121
https://bugzilla.redhat.com/show_bug.cgi?id=1418611libevent: Stack-buffer overflow in evutil_parse_sockaddr_port()

7.5 High

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2016-10196

CVSS3: 7.5
ubuntu
больше 8 лет назад

Stack-based buffer overflow in the evutil_parse_sockaddr_port function in evutil.c in libevent before 2.1.6-beta allows attackers to cause a denial of service (segmentation fault) via vectors involving a long string in brackets in the ip_as_string argument.

nvd логотип

CVE-2016-10196

CVSS3: 7.5
nvd
больше 8 лет назад

Stack-based buffer overflow in the evutil_parse_sockaddr_port function in evutil.c in libevent before 2.1.6-beta allows attackers to cause a denial of service (segmentation fault) via vectors involving a long string in brackets in the ip_as_string argument.

debian логотип

CVE-2016-10196

CVSS3: 7.5
debian
больше 8 лет назад

Stack-based buffer overflow in the evutil_parse_sockaddr_port function ...

github логотип

GHSA-c3jf-437c-9298

CVSS3: 7.5
github
больше 3 лет назад

Stack-based buffer overflow in the evutil_parse_sockaddr_port function in evutil.c in libevent before 2.1.6-beta allows attackers to cause a denial of service (segmentation fault) via vectors involving a long string in brackets in the ip_as_string argument.

fstec логотип

BDU:2020-05801

CVSS3: 7.5
fstec
больше 8 лет назад

Уязвимость функции evutil_parse_sockaddr_port (evutil.c) библиотеки асинхронного уведомления событий Libevent, позволяющая нарушителю вызвать отказ в обслуживании

7.5 High

CVSS3