Vigil@nce - libevent: integer overflow of evbuffer
January 2015 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can generate an integer overflow in the evbuffer API
of libevent, in order to trigger a denial of service, and possibly
to execute code.
Impacted products: Debian, MBS, OpenBSD, openSUSE, Ubuntu, Unix
(platform)
Severity: 2/4
Creation date: 14/01/2015
DESCRIPTION OF THE VULNERABILITY
The libevent library is used by applications to manage events on
file descriptors.
However, when the size of data is near SIZE_MAX bytes, an
overflows occurs in several functions of the evbuffer API
(evbuffer_*, bufferevent_*, evhttp_*, evrpc_*), and an allocated
memory area is too short.
An attacker can therefore generate an integer overflow in the
evbuffer API of libevent, in order to trigger a denial of service,
and possibly to execute code.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/libevent-integer-overflow-of-evbuffer-15962