{"id":"CVE-2016-10197","details":"The search_make_new function in evdns.c in libevent before 2.1.6-beta allows attackers to cause a denial of service (out-of-bounds read) via an empty hostname.","modified":"2026-05-18T13:46:33.228671Z","published":"2017-03-15T15:59:00.500Z","related":["SUSE-SU-2018:0200-1","SUSE-SU-2018:0263-1"],"database_specific":{"unresolved_ranges":[{"vendor_product":"debian:debian_linux","extracted_events":[{"last_affected":"8.0"}],"source":"CPE_FIELD","cpes":["cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"]},{"vendor_product":"libevent_project:libevent","extracted_events":[{"last_affected":"2.1.5"}],"source":"CPE_FIELD","cpes":["cpe:2.3:a:libevent_project:libevent:*:*:*:*:*:*:*:*"]}]},"references":[{"type":"ADVISORY","url":"http://www.debian.org/security/2017/dsa-3789"},{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2017/01/31/17"},{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2017/02/02/7"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/96014"},{"type":"ADVISORY","url":"http://www.securitytracker.com/id/1038320"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2017:1104"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2017:1106"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2017:1201"},{"type":"ADVISORY","url":"https://github.com/libevent/libevent/blob/release-2.1.6-beta/ChangeLog"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/201705-01"},{"type":"REPORT","url":"https://github.com/libevent/libevent/issues/332"},{"type":"FIX","url":"https://github.com/libevent/libevent/commit/ec65c42052d95d2c23d1d837136d1cf1d9ecef9e"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/libevent/libevent","events":[{"introduced":"0"},{"fixed":"a73fb2f443ebf9687ee6ca81a6401d1f3751683f"},{"fixed":"ec65c42052d95d2c23d1d837136d1cf1d9ecef9e"}],"database_specific":{"extracted_events":[{"introduced":"0"},{"fixed":"2.1.6-beta"}],"source":["DESCRIPTION","REFERENCES"]}}],"versions":["release-2.1.5-beta","release-2.1.4-alpha","release-2.1.3-alpha","release-2.1.2-alpha","release-2.1.1-alpha","release-2.0.10-stable","release-2.0.9-rc","release-2.0.8-rc","release-2.0.7-rc","release-2.0.6-rc","release-2.0.5-beta","release-2.0.4-alpha","release-2.0.3-alpha","release-2.0.1-alpha","release-1.1b"],"database_specific":{"vanir_signatures_modified":"2026-05-18T13:46:33Z","vanir_signatures":[{"signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["214367120580076081898697868452724967811","164211120368855747282035090237193966170","292021247077176379054083257543566590152","112428809209276904449140038770404008020","215075892714760528797634730112271143100"]},"id":"CVE-2016-10197-b53ea4fd","signature_type":"Line","deprecated":false,"target":{"file":"evdns.c"},"source":"https://github.com/libevent/libevent/commit/ec65c42052d95d2c23d1d837136d1cf1d9ecef9e"}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-10197.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}