Libevent
Source repositories
CVEs (6)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-10195 | Cri | 0.57 | 9.8 | 0.06 | Mar 15, 2017 | The name_parse function in evdns.c in libevent before 2.1.6-beta allows remote attackers to have unspecified impact via vectors involving the label_len variable, which triggers an out-of-bounds stack read. | ||
| CVE-2016-10197 | Hig | 0.42 | 7.5 | 0.02 | Mar 15, 2017 | The search_make_new function in evdns.c in libevent before 2.1.6-beta allows attackers to cause a denial of service (out-of-bounds read) via an empty hostname. | ||
| CVE-2016-10196 | Hig | 0.42 | 7.5 | 0.02 | Mar 15, 2017 | Stack-based buffer overflow in the evutil_parse_sockaddr_port function in evutil.c in libevent before 2.1.6-beta allows attackers to cause a denial of service (segmentation fault) via vectors involving a long string in brackets in the ip_as_string argument. | ||
| CVE-2015-6525 | 0.00 | — | 0.01 | Aug 24, 2015 | Multiple integer overflows in the evbuffer API in Libevent 2.0.x before 2.0.22 and 2.1.x before 2.1.5-beta allow context-dependent attackers to cause a denial of service or possibly have other unspecified impact via "insanely large inputs" to the (1) evbuffer_add, (2)… | |||
| CVE-2014-6272 | 0.00 | — | 0.01 | Aug 24, 2015 | Multiple integer overflows in the evbuffer API in Libevent 1.4.x before 1.4.15, 2.0.x before 2.0.22, and 2.1.x before 2.1.5-beta allow context-dependent attackers to cause a denial of service or possibly have other unspecified impact via "insanely large inputs" to the (1)… | |||
| CVE-2007-1030 | 0.00 | — | 0.02 | Feb 21, 2007 | Niels Provos libevent 1.2 and 1.2a allows remote attackers to cause a denial of service (infinite loop) via a DNS response containing a label pointer that references its own offset. |
- risk 0.57cvss 9.8epss 0.06
The name_parse function in evdns.c in libevent before 2.1.6-beta allows remote attackers to have unspecified impact via vectors involving the label_len variable, which triggers an out-of-bounds stack read.
- risk 0.42cvss 7.5epss 0.02
The search_make_new function in evdns.c in libevent before 2.1.6-beta allows attackers to cause a denial of service (out-of-bounds read) via an empty hostname.
- risk 0.42cvss 7.5epss 0.02
Stack-based buffer overflow in the evutil_parse_sockaddr_port function in evutil.c in libevent before 2.1.6-beta allows attackers to cause a denial of service (segmentation fault) via vectors involving a long string in brackets in the ip_as_string argument.
- CVE-2015-6525Aug 24, 2015risk 0.00cvss —epss 0.01
Multiple integer overflows in the evbuffer API in Libevent 2.0.x before 2.0.22 and 2.1.x before 2.1.5-beta allow context-dependent attackers to cause a denial of service or possibly have other unspecified impact via "insanely large inputs" to the (1) evbuffer_add, (2)…
- CVE-2014-6272Aug 24, 2015risk 0.00cvss —epss 0.01
Multiple integer overflows in the evbuffer API in Libevent 1.4.x before 1.4.15, 2.0.x before 2.0.22, and 2.1.x before 2.1.5-beta allow context-dependent attackers to cause a denial of service or possibly have other unspecified impact via "insanely large inputs" to the (1)…
- CVE-2007-1030Feb 21, 2007risk 0.00cvss —epss 0.02
Niels Provos libevent 1.2 and 1.2a allows remote attackers to cause a denial of service (infinite loop) via a DNS response containing a label pointer that references its own offset.