PT-2016-3318 · Libevent+5

Huzaifa Sidhpurwala · Published 2016-12-31 · Updated 2024-10-21 · CVE-2016-10196

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions
libevent versions prior to 2.1.6-beta

Description
The issue is a stack-based buffer overflow in the evutil_parse_sockaddr_port function, which attackers can exploit to cause a denial of service in the form of a segmentation fault. It is triggered by providing a long string in brackets in the ip_as_string argument. The vulnerability allows remote attackers to disrupt service.

Recommendations
For versions prior to 2.1.6-beta, update to version 2.1.6-beta or later to resolve the issue. As a temporary workaround, consider restricting input to the evutil_parse_sockaddr_port function so that long strings in brackets are not processed.
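
One way to apply the temporary workaround, shown as an added example that is not part of the advisory or of libevent: a pre-check that rejects oversized or malformed bracketed input before it reaches evutil_parse_sockaddr_port. The function name sockaddr_input_ok and both length limits are assumptions chosen for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Assumed limits, not taken from the advisory: an IPv6 literal is at most
 * 45 characters, so 64 leaves headroom for a zone id. */
#define MAX_BRACKETED_LEN 64u
#define MAX_INPUT_LEN     96u  /* "[" + address + "]" + ":port" */

/* Hypothetical pre-check: returns 1 if the n bytes at s may be passed on
 * to evutil_parse_sockaddr_port(), 0 if they must be rejected. */
int sockaddr_input_ok(const char *s, size_t n)
{
    const char *rb, *p, *end;
    size_t inner;

    if (s == NULL || n == 0 || n > MAX_INPUT_LEN)
        return 0;
    if (memchr(s, '\0', n) != NULL)   /* parser expects one C string */
        return 0;
    if (s[0] != '[')
        return 1;                     /* unbracketed form, length capped */

    rb = memchr(s, ']', n);
    if (rb == NULL)
        return 0;                     /* unterminated bracket */
    inner = (size_t)(rb - (s + 1));
    if (inner == 0 || inner > MAX_BRACKETED_LEN)
        return 0;                     /* empty or oversized literal */

    p = rb + 1;
    end = s + n;
    if (p == end)
        return 1;                     /* "[addr]" with no port */
    if (*p++ != ':' || p == end || end - p > 5)
        return 0;                     /* need ":" plus 1..5 digits */
    for (; p < end; p++)
        if (*p < '0' || *p > '9')
            return 0;
    return 1;
}

int main(void)
{
    const char *good = "[2001:db8::1]:443";   /* constructed sample */
    const char *bad  = "[::1]:http";          /* constructed sample */
    printf("%d %d\n", sockaddr_input_ok(good, strlen(good)),
                      sockaddr_input_ok(bad, strlen(bad)));
    return 0;
}
```

The check works on a byte count rather than a terminated string, so it can run on data as received; copy accepted input into a NUL-terminated buffer before calling the parser.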

Exploit · Fix · DoS · Memory Corruption · Buffer Overflow

Weakness Enumeration

Related Identifiers

ALT-PU-2017-1553
ALT-PU-2017-1577
ALT-PU-2017-1578
ALT-PU-2018-1854
BDU:2020-05801
CESA-2017_1104
CESA-2017_1106
CESA-2017_1201
CVE-2016-10196
DLA-824-1
DSA-3789-1
MGASA-2017-0066
MGASA-2018-0018
RHSA-2017:1104
RHSA-2017:1106
RHSA-2017:1201
RHSA-2017_1104
RHSA-2017_1106
RHSA-2017_1201
SUSE-SU-2017:1669-1
SUSE-SU-2017:2235-1
SUSE-SU-2017_1669-1
SUSE-SU-2018:0200-1
SUSE-SU-2018:0263-1
USN-3228-1
USN-3278-1

Affected Products

Alt Linux
CentOS
Red Hat
SUSE
Ubuntu
Libevent