Vulnerability Details CVE-2015-6525
Multiple integer overflows in the evbuffer API in Libevent 2.0.x before 2.0.22 and 2.1.x before 2.1.5-beta allow context-dependent attackers to cause a denial of service or possibly have other unspecified impact via "insanely large inputs" to the (1) evbuffer_add, (2) evbuffer_prepend, (3) evbuffer_expand, (4) exbuffer_reserve_space, or (5) evbuffer_read function, which triggers a heap-based buffer overflow or an infinite loop. NOTE: this identifier was SPLIT from CVE-2014-6272 per ADT3 due to different affected versions.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.011
EPSS Ranking 76.5%
CVSS Severity
CVSS v2 Score 7.5
References
Products affected by CVE-2015-6525
-
cpe:2.3:a:libevent_project:libevent:2.0.1
-
cpe:2.3:a:libevent_project:libevent:2.0.10
-
cpe:2.3:a:libevent_project:libevent:2.0.11
-
cpe:2.3:a:libevent_project:libevent:2.0.12
-
cpe:2.3:a:libevent_project:libevent:2.0.13
-
cpe:2.3:a:libevent_project:libevent:2.0.14
-
cpe:2.3:a:libevent_project:libevent:2.0.15
-
cpe:2.3:a:libevent_project:libevent:2.0.16
-
cpe:2.3:a:libevent_project:libevent:2.0.17
-
cpe:2.3:a:libevent_project:libevent:2.0.18
-
cpe:2.3:a:libevent_project:libevent:2.0.19
-
cpe:2.3:a:libevent_project:libevent:2.0.2
-
cpe:2.3:a:libevent_project:libevent:2.0.20
-
cpe:2.3:a:libevent_project:libevent:2.0.21
-
cpe:2.3:a:libevent_project:libevent:2.0.3
-
cpe:2.3:a:libevent_project:libevent:2.0.4
-
cpe:2.3:a:libevent_project:libevent:2.0.5
-
cpe:2.3:a:libevent_project:libevent:2.0.6
-
cpe:2.3:a:libevent_project:libevent:2.0.7
-
cpe:2.3:a:libevent_project:libevent:2.0.8
-
cpe:2.3:a:libevent_project:libevent:2.0.9
-
cpe:2.3:a:libevent_project:libevent:2.1.1
-
cpe:2.3:a:libevent_project:libevent:2.1.2
-
cpe:2.3:a:libevent_project:libevent:2.1.3
-
cpe:2.3:a:libevent_project:libevent:2.1.4
-
cpe:2.3:o:debian:debian_linux:7.1