Libevent Project
Products (3)
- 6 CVEs
- 5 CVEs
- 4 CVEs
Recent CVEs (15)

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-10195 | | Cri | 0.57 | 9.8 | 0.06 | | Mar 15, 2017 | The name_parse function in evdns.c in libevent before 2.1.6-beta allows remote attackers to have unspecified impact via vectors involving the label_len variable, which triggers an out-of-bounds stack read. |
| CVE-2016-10197 | | Hig | 0.42 | 7.5 | 0.02 | | Mar 15, 2017 | The search_make_new function in evdns.c in libevent before 2.1.6-beta allows attackers to cause a denial of service (out-of-bounds read) via an empty hostname. |
| CVE-2016-10196 | | Hig | 0.42 | 7.5 | 0.02 | | Mar 15, 2017 | Stack-based buffer overflow in the evutil_parse_sockaddr_port function in evutil.c in libevent before 2.1.6-beta allows attackers to cause a denial of service (segmentation fault) via vectors involving a long string in brackets in the ip_as_string argument. |
| CVE-2009-0343 | | | 0.03 | — | 0.00 | | Jan 29, 2009 | Niels Provos Systrace 1.6f and earlier on the x86_64 Linux platform allows local users to bypass intended access restrictions by making a 32-bit syscall with a syscall number that corresponds to a policy-compliant 64-bit syscall, related to race conditions that occur in… |
| CVE-2007-4305 | | | 0.03 | — | 0.00 | | Aug 13, 2007 | Multiple race conditions in the (1) Sudo monitor mode and (2) Sysjail policies in Systrace on NetBSD and OpenBSD allow local users to defeat system call interposition, and consequently bypass access control policy and auditing. |
| CVE-2004-2012 | | | 0.03 | — | 0.00 | | Dec 31, 2004 | The systrace_exit function in the systrace utility for NetBSD-current and 2.0 before April 16, 2004, and certain FreeBSD ports, does not verify the owner of the /dec/systrace connection before setting euid to 0, which allows local users to gain root privileges. |
| CVE-2007-4773 | | | 0.00 | — | 0.01 | | Jan 15, 2020 | Systrace before 1.6.0 has insufficient escape policy enforcement. |
| CVE-2015-6525 | | | 0.00 | — | 0.01 | | Aug 24, 2015 | Multiple integer overflows in the evbuffer API in Libevent 2.0.x before 2.0.22 and 2.1.x before 2.1.5-beta allow context-dependent attackers to cause a denial of service or possibly have other unspecified impact via "insanely large inputs" to the (1) evbuffer_add, (2)… |
| CVE-2014-6272 | | | 0.00 | — | 0.01 | | Aug 24, 2015 | Multiple integer overflows in the evbuffer API in Libevent 1.4.x before 1.4.15, 2.0.x before 2.0.22, and 2.1.x before 2.1.5-beta allow context-dependent attackers to cause a denial of service or possibly have other unspecified impact via "insanely large inputs" to the (1)… |
| CVE-2009-0342 | | | 0.00 | — | 0.00 | | Jan 29, 2009 | Niels Provos Systrace before 1.6f on the x86_64 Linux platform allows local users to bypass intended access restrictions by making a 64-bit syscall with a syscall number that corresponds to a policy-compliant 32-bit syscall. |
| CVE-2008-3928 | | | 0.00 | — | 0.00 | | Sep 4, 2008 | test.sh in Honeyd 1.5c might allow local users to overwrite arbitrary files via a symlink attack on a temporary file. |
| CVE-2007-1030 | | | 0.00 | — | 0.02 | | Feb 21, 2007 | Niels Provos libevent 1.2 and 1.2a allows remote attackers to cause a denial of service (infinite loop) via a DNS response containing a label pointer that references its own offset. |
| CVE-2006-4292 | | | 0.00 | — | 0.01 | | Aug 22, 2006 | Unspecified vulnerability in Niels Provos Honeyd before 1.5b allows remote attackers to cause a denial of service (application crash) via certain Address Resolution Protocol (ARP) packets. |
| CVE-2006-0752 | | | 0.00 | — | 0.01 | | Feb 18, 2006 | Niels Provos Honeyd before 1.5 replies to certain illegal IP packet fragments that other IP stack implementations would drop, which allows remote attackers to identify IP addresses that are being simulated using honeyd. |
| CVE-2004-2095 | | | 0.00 | — | 0.01 | | Dec 31, 2004 | Honeyd before 0.8 replies to TCP packets with the SYN and RST flags set, which allows remote attackers to identify IP addresses that are being simulated by Honeyd. |