Arch Linux Security Advisory ASA-201501-4 ========================================= Severity: Medium Date : 2015-01-13 CVE-ID : CVE-2014-6272 Package : libevent Type : heap overflow Remote : No Link : https://wiki.archlinux.org/index.php/CVE Summary ======= The package libevent before version 2.0.22-1 is vulnerable to a potential heap overflow. Resolution ========== Upgrade to 2.0.22-1. # pacman -Syu "libevent>=2.0.22-1" The problem has been fixed upstream in version 2.0.22. Workaround ========== The potential heap overflow can be prevented by not using evbuffer_add(), evbuffer_prepend(), evbuffer_expand(), exbuffer_reserve_space(), or evbuffer_read() in a way leading to the use of a buffer chunk larger than a single size_t. Description =========== A defect in the libevent evbuffer API could possibly leave some programs that use the evbuffer API open to potential heap overflows. A program using the evbuffer_add(), evbuffer_prepend(), evbuffer_expand(), exbuffer_reserve_space(), or evbuffer_read() functions may be vulnerable if an attacker is able to coax the linked program into trying to make a buffer larger than that which would fit into a single size_t. Impact ====== An attacker may be able to execute arbitrary code in a program using a vulnerable version of libevent. Upstream has attempted to identify any programs using libevent in a vulnerable way and has not as of yet found any that do but, as a precaution, recommends upgrading. References ========== http://archives.seul.org/libevent/users/Jan-2015/msg00010.html https://bugs.archlinux.org/task/43366 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-6272