Out-of-bounds read in libevent

#VU6350 Out-of-bounds read in libevent

Published: 2017-04-19

Vulnerability identifier: #VU6350

Vulnerability risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-5437, CVE-2016-10195

CWE-ID: CWE-125

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
libevent
Universal components / Libraries / Libraries used by multiple products

Vendor: libevent

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to boundary error in name_parse() function in evdns.c within libevent library before 2.1.6-beta. A remote attacker can trigger out-of-bounds read and gain access to sensitive system memory.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation
Update to version 2.1.6-beta or later.

Vulnerable software versions

libevent: 2.1.6

External links
http://www.openwall.com/lists/oss-security/2017/01/31/17

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Gentoo update for Mozilla Firefox

Red Hat update for Mozilla Thunderbird

Gentoo update for libevent

Multiple vulnerabilities in Mozilla Thunderbird

Arch Linux update for firefox

Multiple vulnerabilities in Mozilla Firefox

Ubuntu update for libevent

Out-of-bounds read in libevent (Alpine package)

Multiple vulnerabilities in libevent