rpm package
suse/libevent&distro=SUSE Linux Enterprise Software Development Kit 12 SP3
pkg:rpm/suse/libevent&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2016-10197 | Hig | 7.5 | < 2.0.21-6.3.1 | 2.0.21-6.3.1 | Mar 15, 2017 | The search_make_new function in evdns.c in libevent before 2.1.6-beta allows attackers to cause a denial of service (out-of-bounds read) via an empty hostname. | |
| CVE-2016-10196 | Hig | 7.5 | < 2.0.21-6.3.1 | 2.0.21-6.3.1 | Mar 15, 2017 | Stack-based buffer overflow in the evutil_parse_sockaddr_port function in evutil.c in libevent before 2.1.6-beta allows attackers to cause a denial of service (segmentation fault) via vectors involving a long string in brackets in the ip_as_string argument. | |
| CVE-2016-10195 | Cri | 9.8 | < 2.0.21-6.3.1 | 2.0.21-6.3.1 | Mar 15, 2017 | The name_parse function in evdns.c in libevent before 2.1.6-beta allows remote attackers to have unspecified impact via vectors involving the label_len variable, which triggers an out-of-bounds stack read. |
- affected < 2.0.21-6.3.1fixed 2.0.21-6.3.1
The search_make_new function in evdns.c in libevent before 2.1.6-beta allows attackers to cause a denial of service (out-of-bounds read) via an empty hostname.
- affected < 2.0.21-6.3.1fixed 2.0.21-6.3.1
Stack-based buffer overflow in the evutil_parse_sockaddr_port function in evutil.c in libevent before 2.1.6-beta allows attackers to cause a denial of service (segmentation fault) via vectors involving a long string in brackets in the ip_as_string argument.
- affected < 2.0.21-6.3.1fixed 2.0.21-6.3.1
The name_parse function in evdns.c in libevent before 2.1.6-beta allows remote attackers to have unspecified impact via vectors involving the label_len variable, which triggers an out-of-bounds stack read.