CVE-2015-6525

Publication date 24 August 2015

Last updated 24 July 2024

Ubuntu priority

Multiple integer overflows in the evbuffer API in Libevent 2.0.x before 2.0.22 and 2.1.x before 2.1.5-beta allow context-dependent attackers to cause a denial of service or possibly have other unspecified impact via "insanely large inputs" to the (1) evbuffer_add, (2) evbuffer_prepend, (3) evbuffer_expand, (4) exbuffer_reserve_space, or (5) evbuffer_read function, which triggers a heap-based buffer overflow or an infinite loop. NOTE: this identifier was SPLIT from CVE-2014-6272 per ADT3 due to different affected versions.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
libevent	15.04 vivid	Not affected
	14.04 LTS trusty	Fixed 2.0.21-stable-1ubuntu1.14.04.1
	12.04 LTS precise	Fixed 2.0.16-stable-1ubuntu0.1

Notes

mdeslaur

CVE was split from CVE-2014-6272, but fixes were already applied in usn-2477-1

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
libevent	Upstream: 7b21c4e Upstream: 20d6d44 Upstream: 841ecbd

CVE-2015-6525

Status

Notes

mdeslaur

Patch details

References

Other references