FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2025-02-13 20:06:50 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
b8ee7a81-a879-4358-9b30-7dd1bd4c14b1	libevent -- multiple vulnerabilities Debian Security reports: CVE-2016-10195: The name_parse function in evdns.c in libevent before 2.1.6-beta allows remote attackers to have unspecified impact via vectors involving the label_len variable, which triggers an out-of-bounds stack read. CVE-2016-10196: Stack-based buffer overflow in the evutil_parse_sockaddr_port function in evutil.c in libevent before 2.1.6-beta allows attackers to cause a denial of service (segmentation fault) via vectors involving a long string in brackets in the ip_as_string argument. CVE-2016-10197: The search_make_new function in evdns.c in libevent before 2.1.6-beta allows attackers to cause a denial of service (out-of-bounds read) via an empty hostname. Discovery 2017-01-31 Entry 2017-04-19 libevent libevent2 linux-c6-libevent2 linux-c7-libevent < 2.1.6 CVE-2016-10195 CVE-2016-10196 CVE-2016-10197 http://www.openwall.com/lists/oss-security/2017/01/31/17 https://github.com/libevent/libevent/issues/317 https://github.com/libevent/libevent/issues/318 https://github.com/libevent/libevent/issues/332 https://github.com/libevent/libevent/issues/335
daa8a49b-99b9-11e4-8f66-3085a9a4510d	libevent -- integer overflow in evbuffers Debian Security Team reports: Andrew Bartlett of Catalyst reported a defect affecting certain applications using the Libevent evbuffer API. This defect leaves applications which pass insanely large inputs to evbuffers open to a possible heap overflow or infinite loop. In order to exploit this flaw, an attacker needs to be able to find a way to provoke the program into trying to make a buffer chunk larger than what will fit into a single size_t or off_t. Discovery 2015-01-05 Entry 2015-01-11 Modified 2017-02-20 libevent < 1.4.15 >= 2.0 lt 2.0.22 libevent2 < 2.0.22 CVE-2014-6272 https://www.debian.org/security/2015/dsa-3119

VuXML ID

Description

b8ee7a81-a879-4358-9b30-7dd1bd4c14b1

libevent -- multiple vulnerabilities

Debian Security reports:

CVE-2016-10195: The name_parse function in evdns.c in libevent before 2.1.6-beta allows remote attackers to have unspecified impact via vectors involving the label_len variable, which triggers an out-of-bounds stack read.

CVE-2016-10196: Stack-based buffer overflow in the evutil_parse_sockaddr_port function in evutil.c in libevent before 2.1.6-beta allows attackers to cause a denial of service (segmentation fault) via vectors involving a long string in brackets in the ip_as_string argument.

CVE-2016-10197: The search_make_new function in evdns.c in libevent before 2.1.6-beta allows attackers to cause a denial of service (out-of-bounds read) via an empty hostname.

Discovery 2017-01-31
Entry 2017-04-19
libevent
libevent2
linux-c6-libevent2
linux-c7-libevent

< 2.1.6

CVE-2016-10195
CVE-2016-10196
CVE-2016-10197
http://www.openwall.com/lists/oss-security/2017/01/31/17
https://github.com/libevent/libevent/issues/317
https://github.com/libevent/libevent/issues/318
https://github.com/libevent/libevent/issues/332
https://github.com/libevent/libevent/issues/335

daa8a49b-99b9-11e4-8f66-3085a9a4510d

libevent -- integer overflow in evbuffers

Debian Security Team reports:

Andrew Bartlett of Catalyst reported a defect affecting certain applications using the Libevent evbuffer API. This defect leaves applications which pass insanely large inputs to evbuffers open to a possible heap overflow or infinite loop. In order to exploit this flaw, an attacker needs to be able to find a way to provoke the program into trying to make a buffer chunk larger than what will fit into a single size_t or off_t.

Discovery 2015-01-05
Entry 2015-01-11
Modified 2017-02-20
libevent

< 1.4.15

>= 2.0 lt 2.0.22

libevent2

< 2.0.22

CVE-2014-6272
https://www.debian.org/security/2015/dsa-3119