FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  456676
Date:      2017-12-18
Time:      21:48:18Z
Committer: asomers

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
b8ee7a81-a879-4358-9b30-7dd1bd4c14b1libevent -- multiple vulnerabilities

Debian Security reports:

CVE-2016-10195: The name_parse function in evdns.c in libevent before 2.1.6-beta allows remote attackers to have unspecified impact via vectors involving the label_len variable, which triggers an out-of-bounds stack read.

CVE-2016-10196: Stack-based buffer overflow in the evutil_parse_sockaddr_port function in evutil.c in libevent before 2.1.6-beta allows attackers to cause a denial of service (segmentation fault) via vectors involving a long string in brackets in the ip_as_string argument.

CVE-2016-10197: The search_make_new function in evdns.c in libevent before 2.1.6-beta allows attackers to cause a denial of service (out-of-bounds read) via an empty hostname.

Discovery 2017-01-31
Entry 2017-04-19
lt 2.1.6

daa8a49b-99b9-11e4-8f66-3085a9a4510dlibevent -- integer overflow in evbuffers

Debian Security Team reports:

Andrew Bartlett of Catalyst reported a defect affecting certain applications using the Libevent evbuffer API. This defect leaves applications which pass insanely large inputs to evbuffers open to a possible heap overflow or infinite loop. In order to exploit this flaw, an attacker needs to be able to find a way to provoke the program into trying to make a buffer chunk larger than what will fit into a single size_t or off_t.

Discovery 2015-01-05
Entry 2015-01-11
Modified 2017-02-20
lt 1.4.15

ge 2.0 lt 2.0.22

lt 2.0.22