{"id":"UBUNTU-CVE-2015-6525","details":"Multiple integer overflows in the evbuffer API in Libevent 2.0.x before 2.0.22 and 2.1.x before 2.1.5-beta allow context-dependent attackers to cause a denial of service or possibly have other unspecified impact via \"insanely large inputs\" to the (1) evbuffer_add, (2) evbuffer_prepend, (3) evbuffer_expand, (4) exbuffer_reserve_space, or (5) evbuffer_read function, which triggers a heap-based buffer overflow or an infinite loop.  NOTE: this identifier was SPLIT from CVE-2014-6272 per ADT3 due to different affected versions.","modified":"2026-04-22T10:09:04.545996Z","published":"2015-08-24T14:59:00Z","related":["USN-2477-1"],"upstream":["CVE-2015-6525"],"references":[{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-6525"},{"type":"REPORT","url":"http://www.debian.org/security/2015/dsa-3119"},{"type":"REPORT","url":"http://archives.seul.org/libevent/users/Jan-2015/msg00010.html"},{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-2477-1"},{"type":"REPORT","url":"https://www.cve.org/CVERecord?id=CVE-2015-6525"}],"affected":[{"package":{"name":"libevent","ecosystem":"Ubuntu:14.04:LTS","purl":"pkg:deb/ubuntu/libevent@2.0.21-stable-1ubuntu1.14.04.1?arch=source&distro=trusty"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.0.21-stable-1ubuntu1.14.04.1"}]}],"versions":["2.0.21-stable-1","2.0.21-stable-1ubuntu1"],"ecosystem_specific":{"binaries":[{"binary_version":"2.0.21-stable-1ubuntu1.14.04.1","binary_name":"libevent-2.0-5"},{"binary_version":"2.0.21-stable-1ubuntu1.14.04.1","binary_name":"libevent-core-2.0-5"},{"binary_version":"2.0.21-stable-1ubuntu1.14.04.1","binary_name":"libevent-extra-2.0-5"},{"binary_version":"2.0.21-stable-1ubuntu1.14.04.1","binary_name":"libevent-openssl-2.0-5"},{"binary_version":"2.0.21-stable-1ubuntu1.14.04.1","binary_name":"libevent-pthreads-2.0-5"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2015/UBUNTU-CVE-2015-6525.json"}}],"schema_version":"1.7.5","severity":[{"type":"Ubuntu","score":"medium"}]}