FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  456043
Date:      2017-12-11
Time:      14:53:31Z
Committer: tijl

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
daa8a49b-99b9-11e4-8f66-3085a9a4510dlibevent -- integer overflow in evbuffers

Debian Security Team reports:

Andrew Bartlett of Catalyst reported a defect affecting certain applications using the Libevent evbuffer API. This defect leaves applications which pass insanely large inputs to evbuffers open to a possible heap overflow or infinite loop. In order to exploit this flaw, an attacker needs to be able to find a way to provoke the program into trying to make a buffer chunk larger than what will fit into a single size_t or off_t.


Discovery 2015-01-05
Entry 2015-01-11
Modified 2017-02-20
libevent
lt 1.4.15

ge 2.0 lt 2.0.22

libevent2
lt 2.0.22

CVE-2014-6272
https://www.debian.org/security/2015/dsa-3119
b8ee7a81-a879-4358-9b30-7dd1bd4c14b1libevent -- multiple vulnerabilities

Debian Security reports:

CVE-2016-10195: The name_parse function in evdns.c in libevent before 2.1.6-beta allows remote attackers to have unspecified impact via vectors involving the label_len variable, which triggers an out-of-bounds stack read.

CVE-2016-10196: Stack-based buffer overflow in the evutil_parse_sockaddr_port function in evutil.c in libevent before 2.1.6-beta allows attackers to cause a denial of service (segmentation fault) via vectors involving a long string in brackets in the ip_as_string argument.

CVE-2016-10197: The search_make_new function in evdns.c in libevent before 2.1.6-beta allows attackers to cause a denial of service (out-of-bounds read) via an empty hostname.


Discovery 2017-01-31
Entry 2017-04-19
libevent
libevent2
linux-c6-libevent2
linux-c7-libevent
lt 2.1.6

CVE-2016-10195
CVE-2016-10196
CVE-2016-10197
http://www.openwall.com/lists/oss-security/2017/01/31/17
https://github.com/libevent/libevent/issues/317
https://github.com/libevent/libevent/issues/318
https://github.com/libevent/libevent/issues/332
https://github.com/libevent/libevent/issues/335