Vulnerability Details : CVE-2015-6525
Multiple integer overflows in the evbuffer API in Libevent 2.0.x before 2.0.22 and 2.1.x before 2.1.5-beta allow context-dependent attackers to cause a denial of service or possibly have other unspecified impact via "insanely large inputs" to the (1) evbuffer_add, (2) evbuffer_prepend, (3) evbuffer_expand, (4) exbuffer_reserve_space, or (5) evbuffer_read function, which triggers a heap-based buffer overflow or an infinite loop. NOTE: this identifier was SPLIT from CVE-2014-6272 per ADT3 due to different affected versions.
Vulnerability category: OverflowDenial of service
Products affected by CVE-2015-6525
- cpe:2.3:o:debian:debian_linux:7.1:*:*:*:*:*:*:*
- cpe:2.3:a:libevent_project:libevent:2.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:libevent_project:libevent:2.0.9:*:*:*:*:*:*:*
- cpe:2.3:a:libevent_project:libevent:2.0.16:*:*:*:*:*:*:*
- cpe:2.3:a:libevent_project:libevent:2.0.17:*:*:*:*:*:*:*
- cpe:2.3:a:libevent_project:libevent:2.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:libevent_project:libevent:2.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:libevent_project:libevent:2.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:libevent_project:libevent:2.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:libevent_project:libevent:2.0.12:*:*:*:*:*:*:*
- cpe:2.3:a:libevent_project:libevent:2.0.13:*:*:*:*:*:*:*
- cpe:2.3:a:libevent_project:libevent:2.0.20:*:*:*:*:*:*:*
- cpe:2.3:a:libevent_project:libevent:2.0.21:*:*:*:*:*:*:*
- cpe:2.3:a:libevent_project:libevent:2.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:libevent_project:libevent:2.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:libevent_project:libevent:2.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:libevent_project:libevent:2.0.10:*:*:*:*:*:*:*
- cpe:2.3:a:libevent_project:libevent:2.0.11:*:*:*:*:*:*:*
- cpe:2.3:a:libevent_project:libevent:2.0.18:*:*:*:*:*:*:*
- cpe:2.3:a:libevent_project:libevent:2.0.19:*:*:*:*:*:*:*
- cpe:2.3:a:libevent_project:libevent:2.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:libevent_project:libevent:2.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:libevent_project:libevent:2.0.14:*:*:*:*:*:*:*
- cpe:2.3:a:libevent_project:libevent:2.0.15:*:*:*:*:*:*:*
- cpe:2.3:a:libevent_project:libevent:2.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:libevent_project:libevent:2.1.2:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2015-6525
0.21%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 58 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2015-6525
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST |
CWE ids for CVE-2015-6525
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-6525
-
http://archives.seul.org/libevent/users/Jan-2015/msg00010.html
[Libevent-users] Advisory: integer overflow in evbuffers for Libevent <= 1.4.14b,2.0.21,2.1.4-alpha [CVE-2014-6272]Vendor Advisory
-
http://www.debian.org/security/2015/dsa-3119
Debian -- Security Information -- DSA-3119-1 libevent
Jump to