CVE-2014-6272 — Integer Overflow or Wraparound in Libevent
Severity
7.5HIGHNVD
EPSS
1.1%
top 22.09%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedAug 24
Latest updateMay 17
Description
Multiple integer overflows in the evbuffer API in Libevent 1.4.x before 1.4.15, 2.0.x before 2.0.22, and 2.1.x before 2.1.5-beta allow context-dependent attackers to cause a denial of service or possibly have other unspecified impact via "insanely large inputs" to the (1) evbuffer_add, (2) evbuffer_expand, or (3) bufferevent_write function, which triggers a heap-based buffer overflow or an infinite loop. NOTE: this identifier has been SPLIT per ADT3 due to different affected versions. See CVE-20…
CVSS vector
AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4
Affected Packages3 packages
Also affects: Debian Linux 7.0, 7.1
🔴Vulnerability Details
4📋Vendor Advisories
5💬Community
3Bugzilla▶
CVE-2014-6272 CVE-2015-6525 libevent: potential heap overflow in buffer/bufferevent APIs [fedora-all]↗2015-01-05