libevent (stack) buffer overflow in evutil_parse_sockaddr_port() #318
Fixed, @asn-the-goblin-slayer thanks for the detailed report!
This was assigned CVE-2016-10196:
BrendanCunningham pushed a commit to BrendanCunningham/ompi that referenced this issue Jul 26, 2022
…i#10542.
CVE: https://nvd.nist.gov/vuln/detail/CVE-2016-10195
libevent issue: libevent dns remote stack overread vulnerability libevent/libevent#317
libevent fixing commit: libevent/libevent@96f64a0
CVE: https://nvd.nist.gov/vuln/detail/CVE-2016-10196
libevent issue: libevent (stack) buffer overflow in evutil_parse_sockaddr_port() libevent/libevent#318
libevent fixing commit: libevent/libevent@329acc1
CVE: https://nvd.nist.gov/vuln/detail/CVE-2016-10197
libevent issue: out-of-bounds read in search_make_new() libevent/libevent#332
libevent fixing commit: libevent/libevent@ec65c42
Signed-off-by: Brendan Cunningham <bcunningham@cornelisnetworks.com>
jsquyres pushed a commit to BrendanCunningham/ompi that referenced this issue Sep 22, 2022
…i#10542.
CVE: https://nvd.nist.gov/vuln/detail/CVE-2016-10195
libevent issue: libevent dns remote stack overread vulnerability libevent/libevent#317
libevent fixing commit: libevent/libevent@96f64a0
CVE: https://nvd.nist.gov/vuln/detail/CVE-2016-10196
libevent issue: libevent (stack) buffer overflow in evutil_parse_sockaddr_port() libevent/libevent#318
libevent fixing commit: libevent/libevent@329acc1
CVE: https://nvd.nist.gov/vuln/detail/CVE-2016-10197
libevent issue: out-of-bounds read in search_make_new() libevent/libevent#332
libevent fixing commit: libevent/libevent@ec65c42
Signed-off-by: Brendan Cunningham <bcunningham@cornelisnetworks.com>
Hello,
in evutil.c:
Length between '[' and ']' is cast to signed 32 bit integer on line 1815. If the length is more than 2<<31 (INT_MAX), len will hold a negative value. Consequently, it will pass the check at line 1816. Segfault happens at line 1819.
Generate a resolv.conf with generate-resolv.conf, then compile and run poc.c. See entry-functions.txt for functions in tor that might be vulnerable.
Please credit 'Guido Vranken' for this discovery through the Tor bug bounty program.
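The narrowing pattern the report describes, next to a full-width check and a bounded bracket parser, as an added example that is not libevent's code and not part of the original report. The function names and `BUF_SIZE` are assumptions, and the oversized span is passed as a constructed 64-bit value rather than built from a multi-gigabyte string.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 128 /* assumed size of the destination stack buffer */

/* Pattern from the report: the span between '[' and ']' is narrowed to a
 * signed 32-bit int before the bounds check. Returns 1 if the check passes. */
static int narrowed_check_accepts(int64_t span)
{
	int len = (int)span; /* spans above INT_MAX wrap negative on common ABIs */
	return !(len > (int)BUF_SIZE - 1); /* a negative len slips through */
}

/* Hardened check: keep the full width and compare as unsigned. */
static int full_width_check_accepts(int64_t span)
{
	return span >= 0 && (uint64_t)span <= (uint64_t)(BUF_SIZE - 1);
}

/* Hardened bracket parser: copies the text between '[' and ']' into out.
 * Returns 0 on success, -1 on malformed or oversized input. */
static int parse_bracketed(const char *s, char *out, size_t outsz)
{
	const char *end;
	size_t len;

	if (outsz == 0 || s[0] != '[' || !(end = strchr(s, ']')))
		return -1;
	len = (size_t)(end - (s + 1)); /* end is past s, so never negative */
	if (len > outsz - 1)
		return -1;
	memcpy(out, s + 1, len);
	out[len] = '\0';
	return 0;
}

int main(void)
{
	char buf[BUF_SIZE];
	int64_t huge = (int64_t)INT32_MAX + 6; /* constructed span just past INT_MAX */

	printf("narrowed check accepts huge span: %d\n", narrowed_check_accepts(huge));
	printf("full-width check accepts huge span: %d\n", full_width_check_accepts(huge));
	if (parse_bracketed("[::1]:80", buf, sizeof(buf)) == 0)
		printf("parsed host: %s\n", buf);
	return 0;
}
```

When the narrowed check passes, a following `memcpy` would convert the negative `len` to a very large `size_t`, which matches the segfault the report describes.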