Debian Libevent vulnerabilities

6 known vulnerabilities affecting debian/libevent.

Total CVEs
6
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH4LOW1

Vulnerabilities

Page 1 of 1
CVE-2016-10195CRITICALCVSS 9.8fixed in libevent 2.0.21-stable-3 (bookworm)2016
CVE-2016-10195 [CRITICAL] CVE-2016-10195: libevent - The name_parse function in evdns.c in libevent before 2.1.6-beta allows remote a... The name_parse function in evdns.c in libevent before 2.1.6-beta allows remote attackers to have unspecified impact via vectors involving the label_len variable, which triggers an out-of-bounds stack read. Scope: local bookworm: resolved (fixed in 2.0.21-stable-3) bullseye: resolved (fixed in 2.0.21-stable-3) forky: resolved (fixed in 2.0.21-stable-3) sid: reso
debian
CVE-2016-10196HIGHCVSS 7.5fixed in libevent 2.0.21-stable-3 (bookworm)2016
CVE-2016-10196 [HIGH] CVE-2016-10196: libevent - Stack-based buffer overflow in the evutil_parse_sockaddr_port function in evutil... Stack-based buffer overflow in the evutil_parse_sockaddr_port function in evutil.c in libevent before 2.1.6-beta allows attackers to cause a denial of service (segmentation fault) via vectors involving a long string in brackets in the ip_as_string argument. Scope: local bookworm: resolved (fixed in 2.0.21-stable-3) bullseye: resolved (fixed in 2.0.21-stable-3) fork
debian
CVE-2016-10197HIGHCVSS 7.5fixed in libevent 2.0.21-stable-3 (bookworm)2016
CVE-2016-10197 [HIGH] CVE-2016-10197: libevent - The search_make_new function in evdns.c in libevent before 2.1.6-beta allows att... The search_make_new function in evdns.c in libevent before 2.1.6-beta allows attackers to cause a denial of service (out-of-bounds read) via an empty hostname. Scope: local bookworm: resolved (fixed in 2.0.21-stable-3) bullseye: resolved (fixed in 2.0.21-stable-3) forky: resolved (fixed in 2.0.21-stable-3) sid: resolved (fixed in 2.0.21-stable-3) trixie: resolved (
debian
CVE-2015-6525HIGHCVSS 7.5fixed in libevent 2.0.21-stable-2 (bookworm)2015
CVE-2015-6525 [HIGH] CVE-2015-6525: libevent - Multiple integer overflows in the evbuffer API in Libevent 2.0.x before 2.0.22 a... Multiple integer overflows in the evbuffer API in Libevent 2.0.x before 2.0.22 and 2.1.x before 2.1.5-beta allow context-dependent attackers to cause a denial of service or possibly have other unspecified impact via "insanely large inputs" to the (1) evbuffer_add, (2) evbuffer_prepend, (3) evbuffer_expand, (4) exbuffer_reserve_space, or (5) evbuffer_read function, wh
debian
CVE-2014-6272HIGHCVSS 7.5fixed in libevent 2.0.21-stable-2 (bookworm)2014
CVE-2014-6272 [HIGH] CVE-2014-6272: libevent - Multiple integer overflows in the evbuffer API in Libevent 1.4.x before 1.4.15, ... Multiple integer overflows in the evbuffer API in Libevent 1.4.x before 1.4.15, 2.0.x before 2.0.22, and 2.1.x before 2.1.5-beta allow context-dependent attackers to cause a denial of service or possibly have other unspecified impact via "insanely large inputs" to the (1) evbuffer_add, (2) evbuffer_expand, or (3) bufferevent_write function, which triggers a heap-base
debian
CVE-2007-1030LOWCVSS 7.82007
CVE-2007-1030 [HIGH] CVE-2007-1030: libevent - Niels Provos libevent 1.2 and 1.2a allows remote attackers to cause a denial of ... Niels Provos libevent 1.2 and 1.2a allows remote attackers to cause a denial of service (infinite loop) via a DNS response containing a label pointer that references its own offset. Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolved trixie: resolved
debian