|
|
Subscribe / Log in / New account

libevent: denial of service

Package(s):libevent CVE #(s):CVE-2014-6272
Created:January 6, 2015 Updated:March 28, 2016
Description: From the Debian advisory

Andrew Bartlett of Catalyst reported a defect affecting certain applications using the Libevent evbuffer API. This defect leaves applications which pass insanely large inputs to evbuffers open to a possible heap overflow or infinite loop. In order to exploit this flaw, an attacker needs to be able to find a way to provoke the program into trying to make a buffer chunk larger than what will fit into a single size_t or off_t.

Alerts:
Slackware SSA:2016-085-01 libevent 2016-03-25
Mandriva MDVSA-2015:017-1 libevent 2015-03-29
Gentoo 201502-07 libevent 2015-02-07
openSUSE openSUSE-SU-2015:0132-1 libevent 2015-01-23
Debian-LTS DLA-137-1 libevent 2015-01-26
Ubuntu USN-2477-1 libevent 2015-01-19
Mandriva MDVSA-2015:017 libevent 2015-01-08
Mageia MGASA-2015-0009 libevent 2015-01-07
Debian DSA-3119-1 libevent 2015-01-06
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds