Vulnerability Details CVE-2016-10197
The search_make_new function in evdns.c in libevent before 2.1.6-beta allows attackers to cause a denial of service (out-of-bounds read) via an empty hostname.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.014
EPSS Ranking 79.7%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
- http://www.debian.org/security/2017/dsa-3789
- http://www.openwall.com/lists/oss-security/2017/01/31/17
- http://www.openwall.com/lists/oss-security/2017/02/02/7
- http://www.securityfocus.com/bid/96014
- http://www.securitytracker.com/id/1038320
- https://access.redhat.com/errata/RHSA-2017:1104
- https://access.redhat.com/errata/RHSA-2017:1106
- https://access.redhat.com/errata/RHSA-2017:1201
- https://github.com/libevent/libevent/blob/release-2.1.6-beta/ChangeLog
- https://github.com/libevent/libevent/commit/ec65c42052d95d2c23d1d837136d1cf1d9ecef9e
- https://github.com/libevent/libevent/issues/332
- https://security.gentoo.org/glsa/201705-01
- http://www.debian.org/security/2017/dsa-3789
- http://www.openwall.com/lists/oss-security/2017/01/31/17
- http://www.openwall.com/lists/oss-security/2017/02/02/7
- http://www.securityfocus.com/bid/96014
- http://www.securitytracker.com/id/1038320
- https://access.redhat.com/errata/RHSA-2017:1104
- https://access.redhat.com/errata/RHSA-2017:1106
- https://access.redhat.com/errata/RHSA-2017:1201
- https://github.com/libevent/libevent/blob/release-2.1.6-beta/ChangeLog
- https://github.com/libevent/libevent/commit/ec65c42052d95d2c23d1d837136d1cf1d9ecef9e
- https://github.com/libevent/libevent/issues/332
- https://security.gentoo.org/glsa/201705-01
Products affected by CVE-2016-10197
-
cpe:2.3:a:libevent_project:libevent:0.1
-
cpe:2.3:a:libevent_project:libevent:0.2b
-
cpe:2.3:a:libevent_project:libevent:0.3c
-
cpe:2.3:a:libevent_project:libevent:0.3d
-
cpe:2.3:a:libevent_project:libevent:0.4
-
cpe:2.3:a:libevent_project:libevent:0.5
-
cpe:2.3:a:libevent_project:libevent:0.6
-
cpe:2.3:a:libevent_project:libevent:0.7a
-
cpe:2.3:a:libevent_project:libevent:0.7b
-
cpe:2.3:a:libevent_project:libevent:0.7c
-
cpe:2.3:a:libevent_project:libevent:0.8
-
cpe:2.3:a:libevent_project:libevent:0.8a
-
cpe:2.3:a:libevent_project:libevent:0.9
-
cpe:2.3:a:libevent_project:libevent:1.0
-
cpe:2.3:a:libevent_project:libevent:1.0a
-
cpe:2.3:a:libevent_project:libevent:1.0b
-
cpe:2.3:a:libevent_project:libevent:1.0c
-
cpe:2.3:a:libevent_project:libevent:1.0d
-
cpe:2.3:a:libevent_project:libevent:1.0e
-
cpe:2.3:a:libevent_project:libevent:1.1
-
cpe:2.3:a:libevent_project:libevent:1.1a
-
cpe:2.3:a:libevent_project:libevent:1.1b
-
cpe:2.3:a:libevent_project:libevent:1.2
-
cpe:2.3:a:libevent_project:libevent:1.2a
-
cpe:2.3:a:libevent_project:libevent:1.3a
-
cpe:2.3:a:libevent_project:libevent:1.3b
-
cpe:2.3:a:libevent_project:libevent:1.3c
-
cpe:2.3:a:libevent_project:libevent:1.3d
-
cpe:2.3:a:libevent_project:libevent:1.3e
-
cpe:2.3:a:libevent_project:libevent:1.4.0
-
cpe:2.3:a:libevent_project:libevent:1.4.1
-
cpe:2.3:a:libevent_project:libevent:1.4.10
-
cpe:2.3:a:libevent_project:libevent:1.4.11
-
cpe:2.3:a:libevent_project:libevent:1.4.12
-
cpe:2.3:a:libevent_project:libevent:1.4.13
-
cpe:2.3:a:libevent_project:libevent:1.4.14
-
cpe:2.3:a:libevent_project:libevent:1.4.14b
-
cpe:2.3:a:libevent_project:libevent:1.4.15
-
cpe:2.3:a:libevent_project:libevent:1.4.2
-
cpe:2.3:a:libevent_project:libevent:1.4.3
-
cpe:2.3:a:libevent_project:libevent:1.4.4
-
cpe:2.3:a:libevent_project:libevent:1.4.5
-
cpe:2.3:a:libevent_project:libevent:1.4.6
-
cpe:2.3:a:libevent_project:libevent:1.4.7
-
cpe:2.3:a:libevent_project:libevent:1.4.8
-
cpe:2.3:a:libevent_project:libevent:1.4.9
-
cpe:2.3:a:libevent_project:libevent:2.0.1
-
cpe:2.3:a:libevent_project:libevent:2.0.10
-
cpe:2.3:a:libevent_project:libevent:2.0.11
-
cpe:2.3:a:libevent_project:libevent:2.0.12
-
cpe:2.3:a:libevent_project:libevent:2.0.13
-
cpe:2.3:a:libevent_project:libevent:2.0.14
-
cpe:2.3:a:libevent_project:libevent:2.0.15
-
cpe:2.3:a:libevent_project:libevent:2.0.16
-
cpe:2.3:a:libevent_project:libevent:2.0.17
-
cpe:2.3:a:libevent_project:libevent:2.0.18
-
cpe:2.3:a:libevent_project:libevent:2.0.19
-
cpe:2.3:a:libevent_project:libevent:2.0.2
-
cpe:2.3:a:libevent_project:libevent:2.0.20
-
cpe:2.3:a:libevent_project:libevent:2.0.21
-
cpe:2.3:a:libevent_project:libevent:2.0.22
-
cpe:2.3:a:libevent_project:libevent:2.0.23
-
cpe:2.3:a:libevent_project:libevent:2.0.3
-
cpe:2.3:a:libevent_project:libevent:2.0.4
-
cpe:2.3:a:libevent_project:libevent:2.0.5
-
cpe:2.3:a:libevent_project:libevent:2.0.6
-
cpe:2.3:a:libevent_project:libevent:2.0.7
-
cpe:2.3:a:libevent_project:libevent:2.0.8
-
cpe:2.3:a:libevent_project:libevent:2.0.9
-
cpe:2.3:a:libevent_project:libevent:2.1.1
-
cpe:2.3:a:libevent_project:libevent:2.1.2
-
cpe:2.3:a:libevent_project:libevent:2.1.3
-
cpe:2.3:a:libevent_project:libevent:2.1.4
-
cpe:2.3:a:libevent_project:libevent:2.1.5
-
cpe:2.3:o:debian:debian_linux:8.0