{"id":"CVE-2016-10195","details":"The name_parse function in evdns.c in libevent before 2.1.6-beta allows remote attackers to have unspecified impact via vectors involving the label_len variable, which triggers an out-of-bounds stack read.","modified":"2026-05-18T13:46:32.923168Z","published":"2017-03-15T15:59:00.390Z","related":["SUSE-SU-2018:0200-1","SUSE-SU-2018:0263-1"],"database_specific":{"unresolved_ranges":[{"extracted_events":[{"last_affected":"8.0"}],"vendor_product":"debian:debian_linux","source":"CPE_FIELD","cpes":["cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"]},{"extracted_events":[{"last_affected":"2.1.5"}],"vendor_product":"libevent_project:libevent","source":"CPE_FIELD","cpes":["cpe:2.3:a:libevent_project:libevent:*:*:*:*:*:*:*:*"]}]},"references":[{"type":"ADVISORY","url":"http://www.debian.org/security/2017/dsa-3789"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/96014"},{"type":"ADVISORY","url":"http://www.securitytracker.com/id/1038320"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2017:1104"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2017:1106"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2017:1201"},{"type":"ADVISORY","url":"https://github.com/libevent/libevent/blob/release-2.1.6-beta/ChangeLog"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/201705-01"},{"type":"FIX","url":"http://www.openwall.com/lists/oss-security/2017/01/31/17"},{"type":"FIX","url":"http://www.openwall.com/lists/oss-security/2017/02/02/7"},{"type":"FIX","url":"https://github.com/libevent/libevent/commit/96f64a022014a208105ead6c8a7066018449d86d"},{"type":"FIX","url":"https://github.com/libevent/libevent/issues/317"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/libevent/libevent","events":[{"introduced":"0"},{"fixed":"a73fb2f443ebf9687ee6ca81a6401d1f3751683f"},{"fixed":"96f64a022014a208105ead6c8a7066018449d86d"}],"database_specific":{"extracted_events":[{"introduced":"0"},{"fixed":"2.1.6-beta"}],"source":["DESCRIPTION","REFERENCES"]}}],"versions":["release-2.1.5-beta","release-2.1.4-alpha","release-2.1.3-alpha","release-2.1.2-alpha","release-2.1.1-alpha","release-2.0.10-stable","release-2.0.9-rc","release-2.0.8-rc","release-2.0.7-rc","release-2.0.6-rc","release-2.0.5-beta","release-2.0.4-alpha","release-2.0.3-alpha","release-2.0.1-alpha","release-1.1b"],"database_specific":{"vanir_signatures_modified":"2026-05-18T13:46:32Z","vanir_signatures":[{"signature_type":"Function","signature_version":"v1","target":{"function":"name_parse","file":"evdns.c"},"deprecated":false,"source":"https://github.com/libevent/libevent/commit/96f64a022014a208105ead6c8a7066018449d86d","id":"CVE-2016-10195-3b821893","digest":{"length":877,"function_hash":"230810917948425696078014435790478542403"}},{"signature_type":"Line","signature_version":"v1","target":{"file":"evdns.c"},"deprecated":false,"source":"https://github.com/libevent/libevent/commit/96f64a022014a208105ead6c8a7066018449d86d","id":"CVE-2016-10195-87e11fd7","digest":{"line_hashes":["106612348666783545995288764119330317910","99528596204269176743159437588130556516","276937442475470391917172913239826145816","317810233472634170587977236046065416806","290818586757130838086385828498896856792","91027287075917707334482351230775769010","181903107053888778292821972103149648024","197407190961813361629789264615431293682"],"threshold":0.9}}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-10195.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}