Stack-based buffer overflow in the evutilparsesockaddrport function in evutil.c in libevent before 2.1.6-beta allows attackers to cause a denial of service (segmentation fault) via vectors involving a long string in brackets in the ipas_string argument.
{ "vanir_signatures": [ { "id": "CVE-2016-10196-27612800", "digest": { "line_hashes": [ "150950762839313443854128451278399393403", "156066307512493417114155182452196228317", "284286474332607600344405972541101859336", "213310763593689227919181651068431535940", "123729570573793670263357540440117772099", "2756236998268050881793369281074788681", "154193229467838285812135636366529729055", "160986861496127588749569741143093255020", "4382978669650176026683552117197548399" ], "threshold": 0.9 }, "source": "https://github.com/libevent/libevent/commit/329acc18a0768c21ba22522f01a5c7f46cacc4d5", "signature_version": "v1", "target": { "file": "evutil.c" }, "deprecated": false, "signature_type": "Line" }, { "id": "CVE-2016-10196-e69ca298", "digest": { "length": 1955.0, "function_hash": "243983321357223491177841111507201921392" }, "source": "https://github.com/libevent/libevent/commit/329acc18a0768c21ba22522f01a5c7f46cacc4d5", "signature_version": "v1", "target": { "function": "evutil_parse_sockaddr_port", "file": "evutil.c" }, "deprecated": false, "signature_type": "Function" } ] }