FreeBSD : libevent -- integer overflow in evbuffers (daa8a49b-99b9-11e4-8f66-3085a9a4510d)
High Nessus Plugin ID 80454
SynopsisThe remote FreeBSD host is missing one or more security-related updates.
DescriptionDebian Security Team reports :
Andrew Bartlett of Catalyst reported a defect affecting certain applications using the Libevent evbuffer API. This defect leaves applications which pass insanely large inputs to evbuffers open to a possible heap overflow or infinite loop. In order to exploit this flaw, an attacker needs to be able to find a way to provoke the program into trying to make a buffer chunk larger than what will fit into a single size_t or off_t.
SolutionUpdate the affected packages.