{"id":"UBUNTU-CVE-2014-6272","details":"Multiple integer overflows in the evbuffer API in Libevent 1.4.x before 1.4.15, 2.0.x before 2.0.22, and 2.1.x before 2.1.5-beta allow context-dependent attackers to cause a denial of service or possibly have other unspecified impact via \"insanely large inputs\" to the (1) evbuffer_add, (2) evbuffer_expand, or (3) bufferevent_write function, which triggers a heap-based buffer overflow or an infinite loop.  NOTE: this identifier has been SPLIT per ADT3 due to different affected versions. See CVE-2015-6525 for the functions that are only affected in 2.0 and later.","modified":"2026-01-30T01:42:56.127063Z","published":"2015-01-06T00:00:00Z","related":["USN-2477-1"],"upstream":["CVE-2014-6272"],"references":[{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2014-6272"},{"type":"REPORT","url":"http://archives.seul.org/libevent/users/Jan-2015/msg00011.html"},{"type":"REPORT","url":"http://archives.seul.org/libevent/users/Jan-2015/msg00012.html"},{"type":"REPORT","url":"http://archives.seul.org/libevent/users/Jan-2015/msg00013.html"},{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-2477-1"},{"type":"REPORT","url":"https://www.cve.org/CVERecord?id=CVE-2014-6272"}],"affected":[{"package":{"name":"libevent","ecosystem":"Ubuntu:14.04:LTS","purl":"pkg:deb/ubuntu/libevent@2.0.21-stable-1ubuntu1.14.04.1?arch=source&distro=trusty"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.0.21-stable-1ubuntu1.14.04.1"}]}],"versions":["2.0.21-stable-1","2.0.21-stable-1ubuntu1"],"ecosystem_specific":{"binaries":[{"binary_name":"libevent-2.0-5","binary_version":"2.0.21-stable-1ubuntu1.14.04.1"},{"binary_name":"libevent-core-2.0-5","binary_version":"2.0.21-stable-1ubuntu1.14.04.1"},{"binary_name":"libevent-dev","binary_version":"2.0.21-stable-1ubuntu1.14.04.1"},{"binary_name":"libevent-extra-2.0-5","binary_version":"2.0.21-stable-1ubuntu1.14.04.1"},{"binary_name":"libevent-openssl-2.0-5","binary_version":"2.0.21-stable-1ubuntu1.14.04.1"},{"binary_name":"libevent-pthreads-2.0-5","binary_version":"2.0.21-stable-1ubuntu1.14.04.1"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2014/UBUNTU-CVE-2014-6272.json"}}],"schema_version":"1.7.3","severity":[{"type":"Ubuntu","score":"medium"}]}