The nameparse function in evdns.c in libevent before 2.1.6-beta allows remote attackers to have unspecified impact via vectors involving the labellen variable, which triggers an out-of-bounds stack read.
{ "vanir_signatures": [ { "deprecated": false, "id": "CVE-2016-10195-3b821893", "signature_version": "v1", "digest": { "length": 877.0, "function_hash": "230810917948425696078014435790478542403" }, "signature_type": "Function", "target": { "function": "name_parse", "file": "evdns.c" }, "source": "https://github.com/libevent/libevent/commit/96f64a022014a208105ead6c8a7066018449d86d" }, { "deprecated": false, "id": "CVE-2016-10195-87e11fd7", "signature_version": "v1", "digest": { "line_hashes": [ "106612348666783545995288764119330317910", "99528596204269176743159437588130556516", "276937442475470391917172913239826145816", "317810233472634170587977236046065416806", "290818586757130838086385828498896856792", "91027287075917707334482351230775769010", "181903107053888778292821972103149648024", "197407190961813361629789264615431293682" ], "threshold": 0.9 }, "signature_type": "Line", "target": { "file": "evdns.c" }, "source": "https://github.com/libevent/libevent/commit/96f64a022014a208105ead6c8a7066018449d86d" } ] }