7.5

CVE-2015-6525

Multiple integer overflows in the evbuffer API in Libevent 2.0.x before 2.0.22 and 2.1.x before 2.1.5-beta allow context-dependent attackers to cause a denial of service or possibly have other unspecified impact via "insanely large inputs" to the (1) evbuffer_add, (2) evbuffer_prepend, (3) evbuffer_expand, (4) exbuffer_reserve_space, or (5) evbuffer_read function, which triggers a heap-based buffer overflow or an infinite loop.  NOTE: this identifier was SPLIT from CVE-2014-6272 per ADT3 due to different affected versions.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
DebianDebian Linux Version7.1
Libevent ProjectLibevent Version2.0.1
Libevent ProjectLibevent Version2.0.2
Libevent ProjectLibevent Version2.0.3
Libevent ProjectLibevent Version2.0.4
Libevent ProjectLibevent Version2.0.5
Libevent ProjectLibevent Version2.0.6
Libevent ProjectLibevent Version2.0.7
Libevent ProjectLibevent Version2.0.8
Libevent ProjectLibevent Version2.0.9
Libevent ProjectLibevent Version2.0.10
Libevent ProjectLibevent Version2.0.11
Libevent ProjectLibevent Version2.0.12
Libevent ProjectLibevent Version2.0.13
Libevent ProjectLibevent Version2.0.14
Libevent ProjectLibevent Version2.0.15
Libevent ProjectLibevent Version2.0.16
Libevent ProjectLibevent Version2.0.17
Libevent ProjectLibevent Version2.0.18
Libevent ProjectLibevent Version2.0.19
Libevent ProjectLibevent Version2.0.20
Libevent ProjectLibevent Version2.0.21
Libevent ProjectLibevent Version2.1.1
Libevent ProjectLibevent Version2.1.2
Libevent ProjectLibevent Version2.1.3
Libevent ProjectLibevent Version2.1.4
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.07% 0.768
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P