Bug 943011 - (CVE-2015-6525) VUL-1: CVE-2015-6525: libevent: Multiple integer overflows in the evbuffer API
Status: RESOLVED DUPLICATE of bug 897243
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P4 - Low
Severity: Normal
Assigned To: Marcus Meissner
Security Team bot
https://smash.suse.de/issue/138610/
CVSSv2:SUSE:CVE-2015-6525:2.6:(AV:L/A...
Reported: 2015-08-25 08:20 UTC by Sebastian Krahmer
Modified: 2019-12-10 09:40 UTC
Found By: Security Response Team
Description Sebastian Krahmer 2015-08-25 08:20:52 UTC
CVE-2015-6525

Multiple integer overflows in the evbuffer API in Libevent 2.0.x before 2.0.22
and 2.1.x before 2.1.5-beta allow context-dependent attackers to cause a denial
of service or possibly have other unspecified impact via "insanely large inputs"
to the (1) evbuffer_add, (2) evbuffer_prepend, (3) evbuffer_expand, (4)
evbuffer_reserve_space, or (5) evbuffer_read function, which triggers a
heap-based buffer overflow or an infinite loop.  NOTE: this identifier was SPLIT
from CVE-2014-6272 per ADT3 due to different affected versions.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-6525
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6525
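
The arithmetic failure named in the description, as an added example (not part of the original report and not libevent's code): a simplified size calculation for a growable buffer, showing how an oversized length wraps to a small allocation size or stalls a doubling loop, and the range checks that reject it. The names `needed_unchecked`, `needed_checked`, `HDR_SIZE` and `MIN_ALLOC` are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define HDR_SIZE  64u   /* hypothetical per-chunk header size */
#define MIN_ALLOC 512u  /* hypothetical smallest allocation */

/* Unchecked pattern: size_t arithmetic wraps silently, so a huge datlen
 * yields a small "needed" size and therefore a too-small allocation. */
size_t needed_unchecked(size_t used, size_t datlen)
{
    return used + datlen + HDR_SIZE;
}

/* Checked pattern: returns 0 and stores a power-of-two allocation size in
 * *out, or returns -1 if any step would exceed SIZE_MAX. */
int needed_checked(size_t used, size_t datlen, size_t *out)
{
    size_t need, cap = MIN_ALLOC;

    if (datlen > SIZE_MAX - used)       /* used + datlen would wrap */
        return -1;
    need = used + datlen;
    if (need > SIZE_MAX - HDR_SIZE)     /* adding the header would wrap */
        return -1;
    need += HDR_SIZE;

    while (cap < need) {
        /* Without this guard cap << 1 reaches 0 once the top bit is
         * shifted out, and "cap < need" then stays true forever. */
        if (cap > SIZE_MAX / 2)
            return -1;
        cap <<= 1;
    }
    *out = cap;
    return 0;
}

int main(void)
{
    size_t out = 0;
    size_t huge = SIZE_MAX - 50;        /* constructed oversized length */

    printf("unchecked: %zu\n", needed_unchecked(100, huge));
    printf("checked:   %d\n", needed_checked(100, huge, &out));
    int rc = needed_checked(100, 1000, &out);
    printf("normal:    %d -> %zu\n", rc, out);
    return 0;
}
```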
Comment 1 Swamp Workflow Management 2015-08-25 22:00:46 UTC
bugbot adjusting priority
Comment 2 Karol Babioch 2018-01-12 13:36:55 UTC
This is a duplicate of CVE-2014-6272 as it was split due to different affected versions.

*** This bug has been marked as a duplicate of bug 897243 ***