Multiple integer overflows in the evbuffer API in Libevent 2.0.x before 2.0.22 and 2.1.x before 2.1.5-beta allow context-dependent attackers to cause a denial of service or possibly have other unspecified impact via "insanely large inputs" to the: (1) evbuffer_add, (2) evbuffer_prepend, (3) evbuffer_expand, (4) exbuffer_reserve_space, or (5) evbuffer_read function, which triggers a heap-based buffer overflow or an infinite loop. NOTE: this identifier was SPLIT from CVE-2014-6272 per ADT3 due to different affected versions. References: http://archives.seul.org/libevent/users/Jan-2015/msg00010.html http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6525
Created libevent tracking bugs for this issue: Affects: fedora-all [bug 1256804]
These issue were already investigated as part of CVE-2014-6272 (see bug 1144646), from which this CVE was split out. There is no new issue under this new CVE, only some issues that were originally tracked under CVE-2014-6272 now have a separate id. This CVE-2015-6525 only covers issues in APIs only available in libevent 2.0 and later.