CVE-2016-10197 — Out-of-bounds Read in Libevent

CWE-125 — Out-of-bounds Read12 documents7 sources

Severity

7.5HIGHNVD

OSV9.8

EPSS

2.4%

top 14.85%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Libevent Project Libevent Mozilla Thunderbird Debian Libevent +1 more

Timeline

PublishedMar 15

Latest updateMay 13

Description

The search_make_new function in evdns.c in libevent before 2.1.6-beta allows attackers to cause a denial of service (out-of-bounds read) via an empty hostname.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages4 packages

▶debiandebian/libevent< libevent 2.0.21-stable-3 (bookworm)

▶Debianlibevent_project/libevent< 2.0.21-stable-3+3

▶NVDlibevent_project/libevent2.1.5

▶Ubuntumozilla/thunderbird< 1:52.1.1+build1-0ubuntu0.14.04.1+1

Also affects: Debian Linux 8.0

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-p9p6-m8vm-vcxx: The search_make_new function in evdns↗2022-05-13

▶

OSV

thunderbird vulnerabilities↗2017-05-16

▶

OSV

CVE-2016-10197: The search_make_new function in evdns↗2017-03-15

▶

📋Vendor Advisories

Ubuntu

Thunderbird vulnerabilities↗2017-05-16

▶

Red Hat

Mozilla: Vulnerabilities in libevent library (MFSA 2017-11, MFSA 2017-12)↗2017-04-19

▶

Ubuntu

libevent vulnerabilities↗2017-03-13

▶

Red Hat

libevent: Out-of-bounds read in search_make_new()↗2016-03-03

▶

Debian

CVE-2016-10197: libevent - The search_make_new function in evdns.c in libevent before 2.1.6-beta allows att...↗2016

▶

💬Community

Bugzilla

3 public security flaws in libevent, which may affect mozilla products↗2017-03-01

▶

Bugzilla

CVE-2016-10197 libevent: Out-of-bounds read in search_make_new()↗2017-02-02

▶

Bugzilla

CVE-2016-10195 CVE-2016-10196 CVE-2016-10197 libevent: various flaws [fedora-all]↗2017-02-02

▶