CVE-2015-6525
Public on 2015-08-24
Modified on 2019-11-14
Description
Multiple integer overflow flaws were found in the libevent's evbuffer API. An attacker able to make an application pass an excessively long input to libevent using the API could use these flaws to make the application enter an infinite loop, crash, and, possibly, execute arbitrary code.
Severity
Medium
CVSS v3 Base Score
See breakdown
Affected Packages
| Platform | Package | Release Date | Advisory | Status |
|---|---|---|---|---|
| Amazon Linux 2 - Core | libevent | 2019-11-11 | ALAS2-2019-1359 | Fixed |
CVSS Scores
| Score Type | Score | Vector | |
|---|---|---|---|
| Amazon Linux | CVSSv2 | 5.1 | AV:N/AC:H/Au:N/C:P/I:P/A:P |
| NVD | CVSSv2 | 7.5 | AV:N/AC:L/Au:N/C:P/I:P/A:P |