CVE-2016-10197

The searchmakenew function in evdns.c in libevent before 2.1.6-beta allows attackers to cause a denial of service (out-of-bounds read) via an empty hostname.

References

Affected packages

Git / github.com/libevent/libevent

Affected ranges

Type: GIT
Repo: https://github.com/libevent/libevent
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

ec65c42052d95d2c23d1d837136d1cf1d9ecef9e

Affected versions

release-1.*

release-1.1b

release-2.*

release-2.0.1-alpha

release-2.0.10-stable

release-2.0.11-stable

release-2.0.12-stable

release-2.0.13-stable

release-2.0.14-stable

release-2.0.15-stable

release-2.0.16-stable

release-2.0.17-stable

release-2.0.18-stable

release-2.0.19-stable

release-2.0.20-stable

release-2.0.21-stable

release-2.0.3-alpha

release-2.0.4-alpha

release-2.0.5-beta

release-2.0.6-rc

release-2.0.7-rc

release-2.0.8-rc

release-2.0.9-rc

release-2.1.1-alpha

release-2.1.2-alpha

release-2.1.3-alpha

release-2.1.4-alpha

release-2.1.5-beta

Database specific

{
    "vanir_signatures": [
        {
            "digest": {
                "line_hashes": [
                    "214367120580076081898697868452724967811",
                    "164211120368855747282035090237193966170",
                    "292021247077176379054083257543566590152",
                    "112428809209276904449140038770404008020",
                    "215075892714760528797634730112271143100"
                ],
                "threshold": 0.9
            },
            "id": "CVE-2016-10197-b53ea4fd",
            "signature_version": "v1",
            "deprecated": false,
            "signature_type": "Line",
            "target": {
                "file": "evdns.c"
            },
            "source": "https://github.com/libevent/libevent/commit/ec65c42052d95d2c23d1d837136d1cf1d9ecef9e"
        }
    ]
}