7.5

CVE-2014-6272

EPSS 1.09%
Veröffentlicht 24.08.2015 14:59:01
Zuletzt bearbeitet 12.04.2025 10:46:40
Quelle security@debian.org
Teams Watchlist Login
Unerledigt Login

Multiple integer overflows in the evbuffer API in Libevent 1.4.x before 1.4.15, 2.0.x before 2.0.22, and 2.1.x before 2.1.5-beta allow context-dependent attackers to cause a denial of service or possibly have other unspecified impact via "insanely large inputs" to the (1) evbuffer_add, (2) evbuffer_expand, or (3) bufferevent_write function, which triggers a heap-based buffer overflow or an infinite loop.  NOTE: this identifier has been SPLIT per ADT3 due to different affected versions. See CVE-2015-6525 for the functions that are only affected in 2.0 and later.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 7

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Debian ≫ Debian Linux Version7.0

Libevent Project ≫ Libevent Version1.4.0

Libevent Project ≫ Libevent Version1.4.1

Libevent Project ≫ Libevent Version1.4.2

Libevent Project ≫ Libevent Version1.4.3

Libevent Project ≫ Libevent Version1.4.4

Libevent Project ≫ Libevent Version1.4.5

Libevent Project ≫ Libevent Version1.4.6

Libevent Project ≫ Libevent Version1.4.7

Libevent Project ≫ Libevent Version1.4.8

Libevent Project ≫ Libevent Version1.4.9

Libevent Project ≫ Libevent Version1.4.10

Libevent Project ≫ Libevent Version1.4.11

Libevent Project ≫ Libevent Version1.4.12

Libevent Project ≫ Libevent Version1.4.13

Libevent Project ≫ Libevent Version1.4.14

Libevent Project ≫ Libevent Version2.0.1

Libevent Project ≫ Libevent Version2.0.2

Libevent Project ≫ Libevent Version2.0.3

Libevent Project ≫ Libevent Version2.0.4

Libevent Project ≫ Libevent Version2.0.5

Libevent Project ≫ Libevent Version2.0.6

Libevent Project ≫ Libevent Version2.0.7

Libevent Project ≫ Libevent Version2.0.8

Libevent Project ≫ Libevent Version2.0.9

Libevent Project ≫ Libevent Version2.0.10

Libevent Project ≫ Libevent Version2.0.11

Libevent Project ≫ Libevent Version2.0.12

Libevent Project ≫ Libevent Version2.0.13

Libevent Project ≫ Libevent Version2.0.14

Libevent Project ≫ Libevent Version2.0.15

Libevent Project ≫ Libevent Version2.0.16

Libevent Project ≫ Libevent Version2.0.17

Libevent Project ≫ Libevent Version2.0.18

Libevent Project ≫ Libevent Version2.0.19

Libevent Project ≫ Libevent Version2.0.20

Libevent Project ≫ Libevent Version2.0.21

Libevent Project ≫ Libevent Version2.1.1

Libevent Project ≫ Libevent Version2.1.2

Libevent Project ≫ Libevent Version2.1.3

Libevent Project ≫ Libevent Version2.1.4

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.09%	0.758

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

http://archives.seul.org/libevent/users/Jan-2015/msg00010.html

Vendor Advisory

http://www.debian.org/security/2015/dsa-3119

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.366317

https://puppet.com/security/cve/CVE-2014-6272

https://nvd.nist.gov/vuln/detail/CVE-2014-6272

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2014-6272

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2014-6272

EUVD