libevent dns remote stack overread vulnerability #317
Fixed, @asn-the-goblin-slayer thanks for the details!
This was assigned CVE-2016-10195:
BrendanCunningham pushed a commit to BrendanCunningham/ompi that referenced this issue Jul 26, 2022

…i#10542.
CVE: https://nvd.nist.gov/vuln/detail/CVE-2016-10195
libevent issue: libevent dns remote stack overread vulnerability libevent/libevent#317
libevent fixing commit: libevent/libevent@96f64a0
CVE: https://nvd.nist.gov/vuln/detail/CVE-2016-10196
libevent issue: libevent (stack) buffer overflow in evutil_parse_sockaddr_port() libevent/libevent#318
libevent fixing commit: libevent/libevent@329acc1
CVE: https://nvd.nist.gov/vuln/detail/CVE-2016-10197
libevent issue: out-of-bounds read in search_make_new() libevent/libevent#332
libevent fixing commit: libevent/libevent@ec65c42
Signed-off-by: Brendan Cunningham <bcunningham@cornelisnetworks.com>
jsquyres pushed a commit to BrendanCunningham/ompi that referenced this issue Sep 22, 2022

…i#10542.
CVE: https://nvd.nist.gov/vuln/detail/CVE-2016-10195
libevent issue: libevent dns remote stack overread vulnerability libevent/libevent#317
libevent fixing commit: libevent/libevent@96f64a0
CVE: https://nvd.nist.gov/vuln/detail/CVE-2016-10196
libevent issue: libevent (stack) buffer overflow in evutil_parse_sockaddr_port() libevent/libevent#318
libevent fixing commit: libevent/libevent@329acc1
CVE: https://nvd.nist.gov/vuln/detail/CVE-2016-10197
libevent issue: out-of-bounds read in search_make_new() libevent/libevent#332
libevent fixing commit: libevent/libevent@ec65c42
Signed-off-by: Brendan Cunningham <bcunningham@cornelisnetworks.com>
Hello,

the `name_parse()` function in libevent's DNS code is vulnerable to a buffer overread.

No check is made against `length` before the `memcpy` occurs.

This was found through the Tor bug bounty program and the discovery should be credited to 'Guido Vranken'.
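An added example, not part of the original report and not libevent's code: a minimal DNS label decoder that bounds each label by the remaining packet length before the `memcpy`, the kind of check the report says is missing. The names `parse_name` and `decode` and the sample packets are constructed for illustration; compression pointers are rejected rather than followed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Decode an uncompressed DNS name at packet[*idx] into out as a dotted,
 * NUL-terminated string. Returns 0 on success, -1 on malformed input. */
int parse_name(const uint8_t *packet, size_t length, size_t *idx,
               char *out, size_t out_len)
{
    size_t j = *idx, used = 0;
    for (;;) {
        size_t label_len, need;
        if (j >= length) return -1;     /* no byte left for the label length */
        label_len = packet[j++];
        if (label_len == 0) break;      /* root label terminates the name */
        if (label_len > 63) return -1;  /* pointers/reserved types: not handled here */
        /* Bound the label by the bytes actually received before copying. */
        if (label_len > length - j) return -1;
        need = label_len + (used ? 1 : 0);      /* label plus '.' separator */
        if (need >= out_len - used) return -1;  /* keep room for the NUL */
        if (used) out[used++] = '.';
        memcpy(out + used, packet + j, label_len);
        used += label_len;
        j += label_len;
    }
    if (used >= out_len) return -1;
    out[used] = '\0';
    *idx = j;
    return 0;
}

/* Constructed samples: a well-formed name, and a label claiming 20 bytes
 * when only 3 remain in the packet. */
static const uint8_t good_pkt[]  = { 3,'w','w','w', 7,'e','x','a','m','p','l','e', 0 };
static const uint8_t short_pkt[] = { 20,'a','b','c' };

/* Hypothetical helper: returns the decoded name, or NULL if rejected. */
const char *decode(const uint8_t *pkt, size_t len)
{
    static char name[256];
    size_t idx = 0;
    return parse_name(pkt, len, &idx, name, sizeof name) == 0 ? name : NULL;
}

int main(void)
{
    return decode(good_pkt, sizeof good_pkt) && !decode(short_pkt, sizeof short_pkt) ? 0 : 1;
}
```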