libevent/libevent on GitHub
Event notification library
CVE History
| CVE | Published | CVSS v2 | CVSS v3 |
|---|---|---|---|
| CVE-2016-10195 | 9.8 CRITICAL | 7.5 HIGH | |
| The name_parse function in evdns.c in libevent before 2.1.6-beta allows remote attackers to have unspecified impact via vectors involving the label_len variable, which triggers an out-of-bounds stack read. | |||
| CVE-2016-10196 | 7.5 HIGH | 5 MEDIUM | |
| Stack-based buffer overflow in the evutil_parse_sockaddr_port function in evutil.c in libevent before 2.1.6-beta allows attackers to cause a denial of service (segmentation fault) via vectors involving a long string in brackets in the ip_as_string argument. | |||
| CVE-2016-10197 | 7.5 HIGH | 5 MEDIUM | |
| The search_make_new function in evdns.c in libevent before 2.1.6-beta allows attackers to cause a denial of service (out-of-bounds read) via an empty hostname. | |||