Libevent Project Libevent vulnerabilities

5 known vulnerabilities affecting libevent_project/libevent.

Total CVEs
5
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH4

Vulnerabilities

Page 1 of 1
CVE-2016-10195CRITICALCVSS 9.8≤ 2.1.52017-03-15
CVE-2016-10195 [CRITICAL] CWE-125 CVE-2016-10195: The name_parse function in evdns.c in libevent before 2.1.6-beta allows remote attackers to have uns The name_parse function in evdns.c in libevent before 2.1.6-beta allows remote attackers to have unspecified impact via vectors involving the label_len variable, which triggers an out-of-bounds stack read.
nvdosv
CVE-2016-10196HIGHCVSS 7.5≤ 2.1.52017-03-15
CVE-2016-10196 [HIGH] CWE-787 CVE-2016-10196: Stack-based buffer overflow in the evutil_parse_sockaddr_port function in evutil.c in libevent befor Stack-based buffer overflow in the evutil_parse_sockaddr_port function in evutil.c in libevent before 2.1.6-beta allows attackers to cause a denial of service (segmentation fault) via vectors involving a long string in brackets in the ip_as_string argument.
nvdosv
CVE-2016-10197HIGHCVSS 7.5≤ 2.1.52017-03-15
CVE-2016-10197 [HIGH] CWE-125 CVE-2016-10197: The search_make_new function in evdns.c in libevent before 2.1.6-beta allows attackers to cause a de The search_make_new function in evdns.c in libevent before 2.1.6-beta allows attackers to cause a denial of service (out-of-bounds read) via an empty hostname.
nvdosv
CVE-2015-6525HIGHCVSS 7.5v2.0.1v2.0.2+23 more2015-08-24
CVE-2015-6525 [HIGH] CVE-2015-6525: Multiple integer overflows in the evbuffer API in Libevent 2.0.x before 2.0.22 and 2.1.x before 2.1. Multiple integer overflows in the evbuffer API in Libevent 2.0.x before 2.0.22 and 2.1.x before 2.1.5-beta allow context-dependent attackers to cause a denial of service or possibly have other unspecified impact via "insanely large inputs" to the (1) evbuffer_add, (2) evbuffer_prepend, (3) evbuffer_expand, (4) exbuffer_reserve_space, or (5) evbuffer_read functi
nvdosv
CVE-2014-6272HIGHCVSS 7.5v1.4.0v1.4.1+38 more2015-08-24
CVE-2014-6272 [HIGH] CWE-189 CVE-2014-6272: Multiple integer overflows in the evbuffer API in Libevent 1.4.x before 1.4.15, 2.0.x before 2.0.22, Multiple integer overflows in the evbuffer API in Libevent 1.4.x before 1.4.15, 2.0.x before 2.0.22, and 2.1.x before 2.1.5-beta allow context-dependent attackers to cause a denial of service or possibly have other unspecified impact via "insanely large inputs" to the (1) evbuffer_add, (2) evbuffer_expand, or (3) bufferevent_write function, which trigge
nvdosv