← Back

CVE-2015-6525

nvd nist
Published: Aug 24, 2015Modified: May 6, 2026

JSON object

Loading...
7.5
Vector
AV:N/AC:L/Au:N/C:P/I:P/A:P
Exploitability: 10.0 / Impact: 6.4
Source: NVD

Description

Multiple integer overflows in the evbuffer API in Libevent 2.0.x before 2.0.22 and 2.1.x before 2.1.5-beta allow context-dependent attackers to cause a denial of service or possibly have other unspecified impact via "insanely large inputs" to the (1) evbuffer_add, (2) evbuffer_prepend, (3) evbuffer_expand, (4) exbuffer_reserve_space, or (5) evbuffer_read function, which triggers a heap-based buffer overflow or an infinite loop. NOTE: this identifier was SPLIT from CVE-2014-6272 per ADT3 due to different affected versions.

Affected (26)

Debian
1 product
Debian Linux
Libevent Project
1 product
Libevent
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Debian Linux
Version 7.1
Configuration B
25 vulnerable
Vulnerable SoftwareAffected Versions
Libevent Project
Libevent
Version 2.0.10
Libevent
Version 2.0.11
Libevent
Version 2.0.12
Libevent
Version 2.0.13
Libevent
Version 2.0.14
Libevent
Version 2.0.15
Libevent
Version 2.0.16
Libevent
Version 2.0.17
Libevent
Version 2.0.18
Libevent
Version 2.0.19
Libevent
Version 2.0.1
Libevent
Version 2.0.20
Libevent
Version 2.0.21
Libevent
Version 2.0.2
Libevent
Version 2.0.3
Libevent
Version 2.0.4
Libevent
Version 2.0.5
Libevent
Version 2.0.6
Libevent
Version 2.0.7
Libevent
Version 2.0.8
Libevent
Version 2.0.9
Libevent
Version 2.1.1
Libevent
Version 2.1.2
Libevent
Version 2.1.3
Libevent
Version 2.1.4

Related CWEs

CWE-189
CWE-189

References (4)

Source: cve@mitre.org
Vendor Advisory
Source: cve@mitre.org
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.