CVE-2016-10196: Out-of-bounds Write in Libevent

Severity
NVD: 7.5 (HIGH)
OSV: 9.8
EPSS: 0.7% (top 26.87%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Mar 15
Latest update: May 13

Description

Stack-based buffer overflow in the evutil_parse_sockaddr_port function in evutil.c in libevent before 2.1.6-beta allows attackers to cause a denial of service (segmentation fault) via vectors involving a long string in brackets in the ip_as_string argument.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 | Impact: 3.6

Affected Packages (6 packages)

Debian (debian/libevent): < libevent 2.0.21-stable-3 (bookworm)
Debian (libevent_project/libevent): < 2.0.21-stable-3+3
NVD (mozilla/firefox): < 45.9.0+2
NVD (mozilla/thunderbird): < 52.1.0

Also affects: Debian Linux 8.0

Patches

Vulnerability Details (3)

GHSA: GHSA-c3jf-437c-9298: Stack-based buffer overflow in the evutil_parse_sockaddr_port function in evutil (2022-05-13)
OSV: thunderbird vulnerabilities (2017-05-16)
OSV: CVE-2016-10196: Stack-based buffer overflow in the evutil_parse_sockaddr_port function in evutil (2017-03-15)

Vendor Advisories (5)

Ubuntu: Thunderbird vulnerabilities (2017-05-16)
Red Hat: Mozilla: Vulnerabilities in libevent library (MFSA 2017-11, MFSA 2017-12) (2017-04-19)
Ubuntu: libevent vulnerabilities (2017-03-13)
Red Hat: libevent: Stack-buffer overflow in evutil_parse_sockaddr_port() (2016-01-27)
Debian: CVE-2016-10196: libevent - Stack-based buffer overflow in the evutil_parse_sockaddr_port function in evutil... (2016)

Community (3)

Bugzilla: 3 public security flaws in libevent, which may affect mozilla products (2017-03-01)
Bugzilla: CVE-2016-10195 CVE-2016-10196 CVE-2016-10197 libevent: various flaws [fedora-all] (2017-02-02)
Bugzilla: CVE-2016-10196 libevent: Stack-buffer overflow in evutil_parse_sockaddr_port() (2017-02-02)