CVE-2015-6525

24.08.2015, 14:59

Multiple integer overflows in the evbuffer API in Libevent 2.0.x before 2.0.22 and 2.1.x before 2.1.5-beta allow context-dependent attackers to cause a denial of service or possibly have other unspecified impact via "insanely large inputs" to the (1) evbuffer_add, (2) evbuffer_prepend, (3) evbuffer_expand, (4) exbuffer_reserve_space, or (5) evbuffer_read function, which triggers a heap-based buffer overflow or an infinite loop.  NOTE: this identifier was SPLIT from CVE-2014-6272 per ADT3 due to different affected versions.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Vector
NIST	NIST	7.5 UNKNOWN	NETWORK	LOW	AV:N/AC:L/Au:N/C:P/I:P/A:P
mitre	CNA	---			---
CVE	ADP	---			---

Base Score

CVSS 3.x

EPSS Score

Percentile: 76%

Vendor	Product	Version
debian	debian_linux	7.1
libevent_project	libevent	2.0.1
libevent_project	libevent	2.0.2
libevent_project	libevent	2.0.3
libevent_project	libevent	2.0.4
libevent_project	libevent	2.0.5
libevent_project	libevent	2.0.6
libevent_project	libevent	2.0.7
libevent_project	libevent	2.0.8
libevent_project	libevent	2.0.9
libevent_project	libevent	2.0.10
libevent_project	libevent	2.0.11
libevent_project	libevent	2.0.12
libevent_project	libevent	2.0.13
libevent_project	libevent	2.0.14
libevent_project	libevent	2.0.15
libevent_project	libevent	2.0.16
libevent_project	libevent	2.0.17
libevent_project	libevent	2.0.18
libevent_project	libevent	2.0.19
libevent_project	libevent	2.0.20
libevent_project	libevent	2.0.21
libevent_project	libevent	2.1.1
libevent_project	libevent	2.1.2
libevent_project	libevent	2.1.3
libevent_project	libevent	2.1.4