CVE-2016-10195
moderate-risk
Published 2017-03-15
The name_parse function in evdns.c in libevent before 2.1.6-beta allows remote attackers to have unspecified impact via vectors involving the label_len variable, which triggers an out-of-bounds stack read.
Do I need to act?
~
5.9% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
+
Fix available
Upgrade to: a73fb2f443ebf9687ee6ca81a6401d1f3751683f, 96f64a022014a208105ead6c8a7066018449d86d
9
CVSS 9.8/10
Critical
NETWORK
/ LOW complexity
Affected Products (2)
Libevent
Affected Vendors
References (24)
Third Party Advisory
http://www.debian.org/security/2017/dsa-3789
Third Party Advisory
http://www.securityfocus.com/bid/96014
Broken Link
http://www.securitytracker.com/id/1038320
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:1104
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:1106
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:1201
Third Party Advisory
https://security.gentoo.org/glsa/201705-01
Third Party Advisory
http://www.debian.org/security/2017/dsa-3789
Third Party Advisory
http://www.securityfocus.com/bid/96014
Broken Link
http://www.securitytracker.com/id/1038320
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:1104
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:1106
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:1201
and 4 more references
48
/ 100
moderate-risk
Severity
32/34 · Critical
Exploitability
9/34 · Low
Exposure
7/34 · Low