libevent拒绝服务漏洞（CNVD-2017-01524）

2023-12-02 16:58:13 Ali_nvd 来源：ZONE.CI 全球网 0 阅读模式

CVE编号

CVE-2016-10196

利用情况

暂无

补丁情况

官方补丁

披露时间

2017-03-16

2.1.6-beta版本之前，evutil_parse_sockaddr_port函数中的evutil_parse_sockaddr_port函数中的基于堆栈的缓冲区溢出允许攻击者通过ip_as_string参数中包含长字符串的矢量导致拒绝服务(分段错误)。

用户可联系供应商获得补丁信息：http://libevent.org/

参考链接
http://www.debian.org/security/2017/dsa-3789
http://www.openwall.com/lists/oss-security/2017/01/31/17
http://www.openwall.com/lists/oss-security/2017/02/02/7
http://www.securityfocus.com/bid/96014
http://www.securitytracker.com/id/1038320
https://access.redhat.com/errata/RHSA-2017:1104
https://access.redhat.com/errata/RHSA-2017:1106
https://access.redhat.com/errata/RHSA-2017:1201
https://bugzilla.mozilla.org/show_bug.cgi?id=1343453
https://github.com/libevent/libevent/blob/release-2.1.6-beta/ChangeLog
https://github.com/libevent/libevent/commit/329acc18a0768c21ba22522f01a5c7f46cacc4d5
https://github.com/libevent/libevent/issues/318
https://security.gentoo.org/glsa/201705-01
https://www.mozilla.org/security/advisories/mfsa2017-10/
https://www.mozilla.org/security/advisories/mfsa2017-11/
https://www.mozilla.org/security/advisories/mfsa2017-12/
https://www.mozilla.org/security/advisories/mfsa2017-13/

1
#	类型	厂商	产品	版本	影响面
	运行在以下环境
	应用	libevent_project	libevent	*		Up to (including) 2.1.5
	运行在以下环境
	系统	debian	debian_linux	8.0	-
	运行在以下环境
	系统	redhat_6	firefox	*		Up to (excluding) 0:52.1.0-2.el6_9
	运行在以下环境
	系统	redhat_7	thunderbird	*		Up to (excluding) 0:52.1.0-1.el7_3
	运行在以下环境
	系统	suse_12	MozillaFirefox	*		Up to (excluding) 52.2.0esr-108
	运行在以下环境
	系统	ubuntu_12.04.5_lts	libevent	*		Up to (excluding) 2.0.16-stable-1ubuntu0.2
	运行在以下环境
	系统	ubuntu_14.04.6_lts	firefox	*		Up to (excluding) 53.0+build6-0ubuntu0.14.04.1
	运行在以下环境
	系统	ubuntu_16.04.7_lts	firefox	*		Up to (excluding) 53.0+build6-0ubuntu0.16.04.1