Guido Vranken discovered that libevent incorrectly handled memory when processing certain data. A remote attacker could possibly use this issue with an application that uses libevent to cause a denial of service, or possibly execute arbitrary code.
{ "binaries": [ { "binary_version": "2.0.21-stable-1ubuntu1.14.04.2", "binary_name": "libevent-2.0-5" }, { "binary_version": "2.0.21-stable-1ubuntu1.14.04.2", "binary_name": "libevent-core-2.0-5" }, { "binary_version": "2.0.21-stable-1ubuntu1.14.04.2", "binary_name": "libevent-dev" }, { "binary_version": "2.0.21-stable-1ubuntu1.14.04.2", "binary_name": "libevent-extra-2.0-5" }, { "binary_version": "2.0.21-stable-1ubuntu1.14.04.2", "binary_name": "libevent-openssl-2.0-5" }, { "binary_version": "2.0.21-stable-1ubuntu1.14.04.2", "binary_name": "libevent-pthreads-2.0-5" } ], "availability": "No subscription required" }
{ "cves_map": { "cves": [ { "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "type": "CVSS_V3" }, { "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "type": "CVSS_V3" }, { "score": "medium", "type": "Ubuntu" } ], "id": "CVE-2016-10195" }, { "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "type": "CVSS_V3" }, { "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "type": "CVSS_V3" }, { "score": "medium", "type": "Ubuntu" } ], "id": "CVE-2016-10196" }, { "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "type": "CVSS_V3" }, { "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "type": "CVSS_V3" }, { "score": "low", "type": "Ubuntu" } ], "id": "CVE-2016-10197" } ], "ecosystem": "Ubuntu:14.04:LTS" } }
{ "binaries": [ { "binary_version": "2.0.21-stable-2ubuntu0.16.04.1", "binary_name": "libevent-2.0-5" }, { "binary_version": "2.0.21-stable-2ubuntu0.16.04.1", "binary_name": "libevent-core-2.0-5" }, { "binary_version": "2.0.21-stable-2ubuntu0.16.04.1", "binary_name": "libevent-dev" }, { "binary_version": "2.0.21-stable-2ubuntu0.16.04.1", "binary_name": "libevent-extra-2.0-5" }, { "binary_version": "2.0.21-stable-2ubuntu0.16.04.1", "binary_name": "libevent-openssl-2.0-5" }, { "binary_version": "2.0.21-stable-2ubuntu0.16.04.1", "binary_name": "libevent-pthreads-2.0-5" } ], "availability": "No subscription required" }
{ "cves_map": { "cves": [ { "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "type": "CVSS_V3" }, { "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "type": "CVSS_V3" }, { "score": "medium", "type": "Ubuntu" } ], "id": "CVE-2016-10195" }, { "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "type": "CVSS_V3" }, { "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "type": "CVSS_V3" }, { "score": "medium", "type": "Ubuntu" } ], "id": "CVE-2016-10196" }, { "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "type": "CVSS_V3" }, { "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "type": "CVSS_V3" }, { "score": "low", "type": "Ubuntu" } ], "id": "CVE-2016-10197" } ], "ecosystem": "Ubuntu:16.04:LTS" } }