Bug 1256797 - (CVE-2015-6525) CVE-2015-6525 libevent: multiple integer overflows in the evbuffer APIs
CVE-2015-6525 libevent: multiple integer overflows in the evbuffer APIs
Status: NEW
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
medium Severity medium
: ---
: ---
Assigned To: Red Hat Product Security
impact=moderate,public=20150824,repor...
: Security
Depends On: 1178963 1256804
Blocks: 1256801
  Show dependency treegraph
 
Reported: 2015-08-25 09:05 EDT by Adam Mariš
Modified: 2015-12-02 02:51 EST (History)
3 users (show)

See Also:
Fixed In Version: libevent 1.4.15, libevent 2.0.22, libevent 2.1.5
Doc Type: Bug Fix
Doc Text:
Multiple integer overflow flaws were found in the libevent's evbuffer API. An attacker able to make an application pass an excessively long input to libevent using the API could use these flaws to make the application enter an infinite loop, crash, and, possibly, execute arbitrary code.
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Adam Mariš 2015-08-25 09:05:33 EDT
Multiple integer overflows in the evbuffer API in Libevent 2.0.x before 2.0.22 and 2.1.x before 2.1.5-beta allow context-dependent attackers to cause a denial of service or possibly have other unspecified impact via "insanely large inputs" to the:

(1) evbuffer_add, 
(2) evbuffer_prepend, 
(3) evbuffer_expand, 
(4) exbuffer_reserve_space, or 
(5) evbuffer_read function, 

which triggers a heap-based buffer overflow or an infinite loop. 

NOTE: this identifier was SPLIT from CVE-2014-6272 per ADT3 due to different affected versions.

References:

http://archives.seul.org/libevent/users/Jan-2015/msg00010.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6525
Comment 1 Adam Mariš 2015-08-25 09:23:05 EDT
Created libevent tracking bugs for this issue:

Affects: fedora-all [bug 1256804]
Comment 2 Tomas Hoger 2015-12-01 07:59:03 EST
These issue were already investigated as part of CVE-2014-6272 (see bug 1144646), from which this CVE was split out.  There is no new issue under this new CVE, only some issues that were originally tracked under CVE-2014-6272 now have a separate id.  This CVE-2015-6525 only covers issues in APIs only available in libevent 2.0 and later.

Note You need to log in before you can comment on or make changes to this bug.