Multiple integer overflows in the evbuffer API in Libevent 1.4.x before 1.4.15, 2.0.x before 2.0.22, and 2.1.x before 2.1.5-beta allow context-dependent attackers to cause a denial of service or possibly have other unspecified impact via "insanely large inputs" to the (1) evbuffer_add, (2) evbuffer_expand, or (3) bufferevent_write function, which triggers a heap-based buffer overflow or an infinite loop. NOTE: this identifier has been SPLIT per ADT3 due to different affected versions. See CVE-2015-6525 for the functions that are only affected in 2.0 and later.

According to the versions of the libevent package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  - Multiple integer overflows in the evbuffer API in     Libevent 1.4.x before 1.4.15, 2.0.x before 2.0.22, and     2.1.x before 2.1.5-beta allow context-dependent     attackers to cause a denial of service or possibly have     other unspecified impact via 'insanely large inputs' to     the (1) evbuffer_add, (2) evbuffer_expand, or (3)     bufferevent_write function, which triggers a heap-based     buffer overflow or an infinite loop. NOTE: this     identifier has been SPLIT per ADT3 due to different     affected versions. See CVE-2015-6525 for the functions     that are only affected in 2.0 and later.(CVE-2014-6272)

  - Multiple integer overflows in the evbuffer API in     Libevent 2.0.x before 2.0.22 and 2.1.x before     2.1.5-beta allow context-dependent attackers to cause a     denial of service or possibly have other unspecified     impact via 'insanely large inputs' to the (1)     evbuffer_add, (2) evbuffer_prepend, (3)     evbuffer_expand, (4) exbuffer_reserve_space, or (5)     evbuffer_read function, which triggers a heap-based     buffer overflow or an infinite loop. NOTE: this     identifier was SPLIT from CVE-2014-6272 per ADT3 due to     different affected versions.(CVE-2015-6525)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Multiple integer overflows in the evbuffer API in Libevent 1.4.x before 1.4.15, 2.0.x before 2.0.22, and 2.1.x before 2.1.5-beta allow context-dependent attackers to cause a denial of service or possibly have other unspecified impact via 'insanely large inputs' to the (1) evbuffer_add, (2) evbuffer_expand, or (3) bufferevent_write function, which triggers a heap-based buffer overflow or an infinite loop. NOTE:
this identifier has been SPLIT per ADT3 due to different affected versions. See CVE-2015-6525 for the functions that are only affected in 2.0 and later. (CVE-2014-6272)

Multiple integer overflow flaws were found in the libevent's evbuffer API. An attacker able to make an application pass an excessively long input to libevent using the API could use these flaws to make the application enter an infinite loop, crash, and, possibly, execute arbitrary code. (CVE-2015-6525)

According to the versions of the libevent package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :

  - Multiple integer overflows in the evbuffer API in     Libevent 1.4.x before 1.4.15, 2.0.x before 2.0.22, and     2.1.x before 2.1.5-beta allow context-dependent     attackers to cause a denial of service or possibly have     other unspecified impact via 'insanely large inputs' to     the (1) evbuffer_add, (2) evbuffer_expand, or (3)     bufferevent_write function, which triggers a heap-based     buffer overflow or an infinite loop. NOTE: this     identifier has been SPLIT per ADT3 due to different     affected versions. See CVE-2015-6525 for the functions     that are only affected in 2.0 and later.(CVE-2014-6272)

  - An out of bounds read vulnerability was found in     libevent in the search_make_new function. If an     attacker could cause an application using libevent to     attempt resolving an empty hostname, an out of bounds     read could occur possibly leading to a     crash.(CVE-2016-10197)

  - A vulnerability was found in libevent with the parsing     of DNS requests and replies. An attacker could send a     forged DNS response to an application using libevent     which could lead to reading data out of bounds on the     heap, potentially disclosing a small amount of     application memory.(CVE-2016-10195)

  - A vulnerability was found in libevent with the parsing     of IPv6 addresses. If an attacker could cause an     application using libevent to parse a malformed address     in IPv6 notation of more than 2GiB in length, a stack     overflow would occur leading to a     crash.(CVE-2016-10196)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

According to the version of the libevent package installed, the EulerOS installation on the remote host is affected by the following vulnerability :

  - Multiple integer overflows in the evbuffer API in     Libevent 1.4.x before 1.4.15, 2.0.x before 2.0.22, and     2.1.x before 2.1.5-beta allow context-dependent     attackers to cause a denial of service or possibly have     other unspecified impact via 'insanely large inputs' to     the (1) evbuffer_add, (2) evbuffer_expand, or (3)     bufferevent_write function, which triggers a heap-based     buffer overflow or an infinite loop.(CVE-2014-6272)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

New libevent packages are available for Slackware 14.1 and -current to fix security issues.

The libevent library was vulnerable to a potential heap overflow in the buffer/bufferevent APIs.

This update was prepared by Nguyen Cong who used the upstream-provided patch. Thanks to them!

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The remote host is affected by the vulnerability described in GLSA-201502-07 (libevent: User-assisted execution of arbitrary code)

    Multiple integer overflow errors in libevent could cause a heap-based       buffer overflow.
  Impact :

    A context-dependent attacker could cause an application linked against       libevent to pass an excessively long input through evbuffer, possibly       resulting in execution of arbitrary code with the privileges of the       process or a Denial of Service condition.
  Workaround :

    There is no known workaround at this time.

libevent was updated to fixed heap overflows in buffer API (bsc#897243 CVE-2014-6272)

Andrew Bartlett discovered that libevent incorrectly handled large inputs to the evbuffer API. A remote attacker could possibly use this issue with an application that uses libevent to cause a denial of service, or possibly execute arbitrary code.

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Debian Security Team reports :

Andrew Bartlett of Catalyst reported a defect affecting certain applications using the Libevent evbuffer API. This defect leaves applications which pass insanely large inputs to evbuffers open to a possible heap overflow or infinite loop. In order to exploit this flaw, an attacker needs to be able to find a way to provoke the program into trying to make a buffer chunk larger than what will fit into a single size_t or off_t.

Updated libevent packages fix security vulnerability :

Andrew Bartlett of Catalyst reported a defect affecting certain applications using the Libevent evbuffer API. This defect leaves applications which pass insanely large inputs to evbuffers open to a possible heap overflow or infinite loop. In order to exploit this flaw, an attacker needs to be able to find a way to provoke the program into trying to make a buffer chunk larger than what will fit into a single size_t or off_t (CVE-2014-6272).

Andrew Bartlett of Catalyst reported a defect affecting certain applications using the Libevent evbuffer API. This defect leaves applications which pass insanely large inputs to evbuffers open to a possible heap overflow or infinite loop. In order to exploit this flaw, an attacker needs to be able to find a way to provoke the program into trying to make a buffer chunk larger than what will fit into a single size_t or off_t.

This update fixes a buffer overflow in the buffered event handling in libevent. (CVE-2014-6272)

ID	Name	Product	Family	Severity
131668	EulerOS 2.0 SP2 : libevent (EulerOS-SA-2019-2515)	Nessus	Huawei Local Security Checks	high
131027	Amazon Linux 2 : libevent (ALAS-2019-1359)	Nessus	Amazon Linux Local Security Checks	high
124942	EulerOS Virtualization 3.0.1.0 : libevent (EulerOS-SA-2019-1439)	Nessus	Huawei Local Security Checks	critical
110740	EulerOS 2.0 SP3 : libevent (EulerOS-SA-2018-1164)	Nessus	Huawei Local Security Checks	high
90203	Slackware 14.1 / current : libevent (SSA:2016-085-01)	Nessus	Slackware Local Security Checks	high
82120	Debian DLA-137-1 : libevent security update	Nessus	Debian Local Security Checks	high
81230	GLSA-201502-07 : libevent: User-assisted execution of arbitrary code	Nessus	Gentoo Local Security Checks	high
80992	openSUSE Security Update : libevent (openSUSE-SU-2015:0132-1)	Nessus	SuSE Local Security Checks	high
80852	Ubuntu 14.04 LTS : libevent vulnerability (USN-2477-1)	Nessus	Ubuntu Local Security Checks	critical
80454	FreeBSD : libevent -- integer overflow in evbuffers (daa8a49b-99b9-11e4-8f66-3085a9a4510d)	Nessus	FreeBSD Local Security Checks	high
80436	Mandriva Linux Security Advisory : libevent (MDVSA-2015:017-1)	Nessus	Mandriva Local Security Checks	high
80393	Debian DSA-3119-1 : libevent - security update	Nessus	Debian Local Security Checks	high
78253	SuSE 11.3 Security Update : libevent (SAT Patch Number 9824)	Nessus	SuSE Local Security Checks	high

Detections

Analytics

CVE-2014-6272

critical

Tenable Plugins

high

high

critical

high

high

high

high

high

critical

high

high

high

high