PT-2016-3318 · Libevent+5

Huzaifa Sidhpurwala · Published 2016-12-31 · Updated 2024-10-21 · CVE-2016-10196

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

libevent versions prior to 2.1.6-beta

Description

The issue is a stack-based buffer overflow in the evutil_parse_sockaddr_port function. Remote attackers can exploit it to cause a denial of service (segmentation fault) by providing a long string in brackets in the ip_as_string argument.

Recommendations

For versions prior to 2.1.6-beta, update to version 2.1.6-beta or later to resolve the issue. As a temporary workaround, consider restricting input to the evutil_parse_sockaddr_port function so that long strings in brackets are not processed.
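
One way to apply the temporary workaround above until the upgrade is deployed, as an added example (not libevent code and not part of the original advisory): a pre-check that rejects oversized or malformed bracketed strings before they are passed to evutil_parse_sockaddr_port. The helper name sockaddr_str_is_safe and the length caps are assumptions of this example.

```c
#include <stddef.h>
#include <string.h>

/* Assumed caps for this example (not libevent constants): the longest textual
 * IPv6 address is 45 characters; leave room for a zone id such as "%eth0". */
#define MAX_BRACKETED_LEN 64u
#define MAX_PORT_DIGITS   5u   /* "65535" */
#define MAX_INPUT_LEN (MAX_BRACKETED_LEN + 2u + 1u + MAX_PORT_DIGITS)

/* Hypothetical helper: returns 1 if `s` may be handed to
 * evutil_parse_sockaddr_port(), 0 if it must be rejected first. */
int sockaddr_str_is_safe(const char *s)
{
    if (s == NULL)
        return 0;

    /* Bounded scan: stop counting as soon as the cap is exceeded. */
    size_t n = 0;
    while (n <= MAX_INPUT_LEN && s[n] != '\0')
        n++;
    if (n == 0 || n > MAX_INPUT_LEN)
        return 0;

    if (s[0] != '[')
        return 1;   /* unbracketed form; total length is already capped */

    const char *close = memchr(s + 1, ']', n - 1);
    if (close == NULL)
        return 0;   /* '[' without a matching ']' */

    /* Length of the text between the brackets, computed in size_t. */
    size_t inner = (size_t)(close - (s + 1));
    if (inner == 0 || inner > MAX_BRACKETED_LEN)
        return 0;

    /* After ']' accept only end of string or ":<1-5 digits>". */
    const char *rest = close + 1;
    if (*rest == '\0')
        return 1;
    if (*rest != ':')
        return 0;
    size_t digits = strspn(rest + 1, "0123456789");
    return digits >= 1 && digits <= MAX_PORT_DIGITS && rest[1 + digits] == '\0';
}
```

Call the library parser only when the helper returns 1, and treat a 0 result as a parse failure.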

Exploit

Fix

DoS

Memory Corruption

Buffer Overflow


Weakness Enumeration

Related Identifiers

ALT-PU-2017-1553
ALT-PU-2017-1577
ALT-PU-2017-1578
ALT-PU-2018-1854
BDU:2020-05801
CESA-2017_1104
CESA-2017_1106
CESA-2017_1201
CVE-2016-10196
DLA-824-1
DSA-3789-1
MGASA-2017-0066
MGASA-2018-0018
RHSA-2017:1104
RHSA-2017:1106
RHSA-2017:1201
RHSA-2017_1104
RHSA-2017_1106
RHSA-2017_1201
SUSE-SU-2017:1669-1
SUSE-SU-2017:2235-1
SUSE-SU-2017_1669-1
SUSE-SU-2018:0200-1
SUSE-SU-2018:0263-1
USN-3228-1
USN-3278-1

Affected Products

Alt Linux
CentOS
Red Hat
SUSE
Ubuntu
Libevent