{"id":"CVE-2016-10196","details":"Stack-based buffer overflow in the evutil_parse_sockaddr_port function in evutil.c in libevent before 2.1.6-beta allows attackers to cause a denial of service (segmentation fault) via vectors involving a long string in brackets in the ip_as_string argument.","modified":"2026-04-16T01:45:11.159515722Z","published":"2017-03-15T15:59:00.437Z","related":["SUSE-SU-2017:1669-1","SUSE-SU-2017:2235-1","SUSE-SU-2018:0200-1","SUSE-SU-2018:0263-1"],"database_specific":{"unresolved_ranges":[{"cpe":"cpe:2.3:a:libevent_project:libevent:*:*:*:*:*:*:*:*","source":"CPE_FIELD","extracted_events":[{"last_affected":"2.1.5"}]},{"cpe":"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*","source":"CPE_FIELD","extracted_events":[{"fixed":"45.9.0"},{"fixed":"53.0"}]},{"source":"CPE_FIELD","cpe":"cpe:2.3:a:mozilla:firefox:52.0:*:*:*:*:*:*:*","extracted_events":[{"last_affected":"52.0"}]},{"cpe":"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*","source":"CPE_FIELD","extracted_events":[{"fixed":"52.1.0"}]},{"source":"CPE_FIELD","cpe":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","extracted_events":[{"last_affected":"8.0"}]}]},"references":[{"type":"ADVISORY","url":"http://www.debian.org/security/2017/dsa-3789"},{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2017/01/31/17"},{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2017/02/02/7"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/96014"},{"type":"ADVISORY","url":"http://www.securitytracker.com/id/1038320"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2017:1104"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2017:1106"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2017:1201"},{"type":"ADVISORY","url":"https://github.com/libevent/libevent/blob/release-2.1.6-beta/ChangeLog"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/201705-01"},{"type":"ADVISORY","url":"https://www.mozilla.org/security/advisories/mfsa2017-10/"},{"type":"ADVISORY","url":"https://www.mozilla.org/security/advisories/mfsa2017-11/"},{"type":"ADVISORY","url":"https://www.mozilla.org/security/advisories/mfsa2017-12/"},{"type":"ADVISORY","url":"https://www.mozilla.org/security/advisories/mfsa2017-13/"},{"type":"REPORT","url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1343453"},{"type":"REPORT","url":"https://github.com/libevent/libevent/issues/318"},{"type":"FIX","url":"https://github.com/libevent/libevent/commit/329acc18a0768c21ba22522f01a5c7f46cacc4d5"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/libevent/libevent","events":[{"introduced":"0"},{"fixed":"a73fb2f443ebf9687ee6ca81a6401d1f3751683f"},{"fixed":"329acc18a0768c21ba22522f01a5c7f46cacc4d5"}],"database_specific":{"source":["DESCRIPTION","REFERENCES"],"extracted_events":[{"introduced":"0"},{"fixed":"2.1.6-beta"}]}}],"versions":["release-1.1b","release-2.0.1-alpha","release-2.0.10-stable","release-2.0.3-alpha","release-2.0.4-alpha","release-2.0.5-beta","release-2.0.6-rc","release-2.0.7-rc","release-2.0.8-rc","release-2.0.9-rc","release-2.1.1-alpha","release-2.1.2-alpha","release-2.1.3-alpha","release-2.1.4-alpha","release-2.1.5-beta"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-10196.json","vanir_signatures_modified":"2026-04-11T19:42:50Z","vanir_signatures":[{"source":"https://github.com/libevent/libevent/commit/329acc18a0768c21ba22522f01a5c7f46cacc4d5","signature_version":"v1","signature_type":"Line","digest":{"line_hashes":["150950762839313443854128451278399393403","156066307512493417114155182452196228317","284286474332607600344405972541101859336","213310763593689227919181651068431535940","123729570573793670263357540440117772099","2756236998268050881793369281074788681","154193229467838285812135636366529729055","160986861496127588749569741143093255020","4382978669650176026683552117197548399"],"threshold":0.9},"target":{"file":"evutil.c"},"deprecated":false,"id":"CVE-2016-10196-27612800"},{"source":"https://github.com/libevent/libevent/commit/329acc18a0768c21ba22522f01a5c7f46cacc4d5","signature_version":"v1","digest":{"function_hash":"243983321357223491177841111507201921392","length":1955},"deprecated":false,"target":{"function":"evutil_parse_sockaddr_port","file":"evutil.c"},"signature_type":"Function","id":"CVE-2016-10196-e69ca298"}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}