ByteOS Network

NVD Vulnerability Details :

CVE-2015-6525

Deferred

Source-cve@mitre.org

Published At-24 Aug, 2015 | 14:59

Updated At-12 Apr, 2025 | 10:46

Multiple integer overflows in the evbuffer API in Libevent 2.0.x before 2.0.22 and 2.1.x before 2.1.5-beta allow context-dependent attackers to cause a denial of service or possibly have other unspecified impact via "insanely large inputs" to the (1) evbuffer_add, (2) evbuffer_prepend, (3) evbuffer_expand, (4) exbuffer_reserve_space, or (5) evbuffer_read function, which triggers a heap-based buffer overflow or an infinite loop. NOTE: this identifier was SPLIT from CVE-2014-6272 per ADT3 due to different affected versions.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	2.0	7.5	HIGH	AV:N/AC:L/Au:N/C:P/I:P/A:P

Type: Primary

Version: 2.0

Base score: 7.5

Base severity: HIGH

Vector:

AV:N/AC:L/Au:N/C:P/I:P/A:P

CPE Matches

Debian GNU/Linux

>>debian_linux>>7.1

cpe:2.3:o:debian:debian_linux:7.1:*:*:*:*:*:*:*

libevent_project>>libevent>>2.0.1

cpe:2.3:a:libevent_project:libevent:2.0.1:*:*:*:*:*:*:*

libevent_project>>libevent>>2.0.2

cpe:2.3:a:libevent_project:libevent:2.0.2:*:*:*:*:*:*:*

libevent_project>>libevent>>2.0.3

cpe:2.3:a:libevent_project:libevent:2.0.3:*:*:*:*:*:*:*

libevent_project>>libevent>>2.0.4

cpe:2.3:a:libevent_project:libevent:2.0.4:*:*:*:*:*:*:*

libevent_project>>libevent>>2.0.5

cpe:2.3:a:libevent_project:libevent:2.0.5:*:*:*:*:*:*:*

libevent_project>>libevent>>2.0.6

cpe:2.3:a:libevent_project:libevent:2.0.6:*:*:*:*:*:*:*

libevent_project>>libevent>>2.0.7

cpe:2.3:a:libevent_project:libevent:2.0.7:*:*:*:*:*:*:*

libevent_project>>libevent>>2.0.8

cpe:2.3:a:libevent_project:libevent:2.0.8:*:*:*:*:*:*:*

libevent_project>>libevent>>2.0.9

cpe:2.3:a:libevent_project:libevent:2.0.9:*:*:*:*:*:*:*

libevent_project>>libevent>>2.0.10

cpe:2.3:a:libevent_project:libevent:2.0.10:*:*:*:*:*:*:*

libevent_project>>libevent>>2.0.11

cpe:2.3:a:libevent_project:libevent:2.0.11:*:*:*:*:*:*:*

libevent_project>>libevent>>2.0.12

cpe:2.3:a:libevent_project:libevent:2.0.12:*:*:*:*:*:*:*

libevent_project>>libevent>>2.0.13

cpe:2.3:a:libevent_project:libevent:2.0.13:*:*:*:*:*:*:*

libevent_project>>libevent>>2.0.14

cpe:2.3:a:libevent_project:libevent:2.0.14:*:*:*:*:*:*:*

libevent_project>>libevent>>2.0.15

cpe:2.3:a:libevent_project:libevent:2.0.15:*:*:*:*:*:*:*

libevent_project>>libevent>>2.0.16

cpe:2.3:a:libevent_project:libevent:2.0.16:*:*:*:*:*:*:*

libevent_project>>libevent>>2.0.17

cpe:2.3:a:libevent_project:libevent:2.0.17:*:*:*:*:*:*:*

libevent_project>>libevent>>2.0.18

cpe:2.3:a:libevent_project:libevent:2.0.18:*:*:*:*:*:*:*

libevent_project>>libevent>>2.0.19

cpe:2.3:a:libevent_project:libevent:2.0.19:*:*:*:*:*:*:*

libevent_project>>libevent>>2.0.20

cpe:2.3:a:libevent_project:libevent:2.0.20:*:*:*:*:*:*:*

libevent_project>>libevent>>2.0.21

cpe:2.3:a:libevent_project:libevent:2.0.21:*:*:*:*:*:*:*

libevent_project>>libevent>>2.1.1

cpe:2.3:a:libevent_project:libevent:2.1.1:*:*:*:*:*:*:*

libevent_project>>libevent>>2.1.2

cpe:2.3:a:libevent_project:libevent:2.1.2:*:*:*:*:*:*:*

libevent_project>>libevent>>2.1.3

cpe:2.3:a:libevent_project:libevent:2.1.3:*:*:*:*:*:*:*

libevent_project>>libevent>>2.1.4

cpe:2.3:a:libevent_project:libevent:2.1.4:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-189	Primary	nvd@nist.gov

CWE ID: CWE-189

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
http://archives.seul.org/libevent/users/Jan-2015/msg00010.html	cve@mitre.org	Vendor Advisory
http://www.debian.org/security/2015/dsa-3119	cve@mitre.org	N/A
http://archives.seul.org/libevent/users/Jan-2015/msg00010.html	af854a3a-2127-422b-91ae-364da2661108	Vendor Advisory
http://www.debian.org/security/2015/dsa-3119	af854a3a-2127-422b-91ae-364da2661108	N/A