libevent dns remote stack overread vulnerability #317

Closed
asn-d6 opened this issue Jan 27, 2016 · 2 comments
asn-d6 commented Jan 27, 2016

Hello,

the name_parse() function in libevent's DNS code is vulnerable to a buffer overread.

    if (cp != name_out) {
        if (cp + 1 >= end) return -1;
        *cp++ = '.';
    }
    if (cp + label_len >= end) return -1;
    memcpy(cp, packet + j, label_len);
    cp += label_len;
    j += label_len;

No check is made against length before the memcpy occurs.

This was found through the Tor bug bounty program and the discovery should be credited to 'Guido Vranken'.
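
The check the report says is missing, as an added example (not libevent's code and not part of the original report): a simplified label parser, without compression-pointer handling, that bounds the source read against the packet length before the memcpy. The function name, its signature and the sample packets are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Simplified label parser modelled on the excerpt above (hypothetical name and
 * signature; compression pointers are not handled). 0 on success, -1 on error. */
int parse_name_checked(const unsigned char *packet, int length, int *idx,
                       char *name_out, int name_out_len)
{
    char *cp = name_out;
    const char *const end = name_out + name_out_len;
    int j = *idx;

    if (name_out_len < 1) return -1;
    for (;;) {
        unsigned char label_len;
        if (j >= length) return -1;             /* length byte must lie inside the packet */
        label_len = packet[j++];
        if (!label_len) break;                  /* root label terminates the name */
        if (label_len > 63) return -1;          /* pointer/reserved forms: out of scope */
        if (cp != name_out) {
            if (cp + 1 >= end) return -1;
            *cp++ = '.';
        }
        if (label_len >= end - cp) return -1;   /* destination bound, as in the excerpt */
        if (label_len > length - j) return -1;  /* source bound: the check the report calls for */
        memcpy(cp, packet + j, label_len);
        cp += label_len;
        j += label_len;
    }
    *cp = '\0';
    *idx = j;
    return 0;
}

/* Constructed inputs: a well-formed name, and a label claiming 63 bytes with 3 present. */
static const unsigned char ok_packet[] = {3,'w','w','w',7,'e','x','a','m','p','l','e',0};
static const unsigned char short_packet[] = {63,'a','b','c'};

int main(void)
{
    char out[256];
    int idx = 0;
    int rc = parse_name_checked(ok_packet, (int)sizeof ok_packet, &idx, out, (int)sizeof out);
    printf("well-formed: rc=%d name=%s next=%d\n", rc, rc == 0 ? out : "-", idx);
    idx = 0;
    rc = parse_name_checked(short_packet, (int)sizeof short_packet, &idx, out, (int)sizeof out);
    printf("truncated:   rc=%d\n", rc);
    return 0;
}
```

With the source-bound line removed, the truncated packet would pass the destination check (63 bytes fit in a 256-byte buffer) and memcpy would read past the end of the packet, which is the overread the report describes.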

azat self-assigned this Feb 1, 2016
azat closed this as completed in 96f64a0 Feb 1, 2016
azat commented Feb 1, 2016 via email

lfam commented Feb 2, 2017

This was assigned CVE-2016-10195:

http://seclists.org/oss-sec/2017/q1/282

BrendanCunningham pushed a commit to BrendanCunningham/ompi that referenced this issue Jul 26, 2022
…i#10542.

CVE: https://nvd.nist.gov/vuln/detail/CVE-2016-10195
libevent issue: libevent dns remote stack overread vulnerability
    libevent/libevent#317
libevent fixing commit: libevent/libevent@96f64a0

CVE: https://nvd.nist.gov/vuln/detail/CVE-2016-10196
libevent issue: libevent (stack) buffer overflow in
    evutil_parse_sockaddr_port() libevent/libevent#318
libevent fixing commit: libevent/libevent@329acc1

CVE: https://nvd.nist.gov/vuln/detail/CVE-2016-10197
libevent issue: out-of-bounds read in search_make_new()
    libevent/libevent#332
libevent fixing commit: libevent/libevent@ec65c42

Signed-off-by: Brendan Cunningham <bcunningham@cornelisnetworks.com>
jsquyres pushed a commit to BrendanCunningham/ompi that referenced this issue Sep 22, 2022