Bug ID 1022919
Summary VUL-1: libevent: out-of-bounds read in search_make_new()
Classification openSUSE
Product openSUSE Distribution
Version Leap 42.2
Hardware Other
OS Other
Status NEW
Severity Normal
Priority P5 - None
Component Security
Assignee security-team@suse.de
Reporter mikhail.kasimov@gmail.com
QA Contact qa-bugs@suse.de
Found By ---
Blocker ---

Ref: http://seclists.org/oss-sec/2017/q1/250
==============================================
Libevent 2.1.6 fixed three bugs that may have security implications.

3) out-of-bounds read in search_make_new()
------
The DNS code of Libevent contains this rather obvious OOB read:

3122 static char *
3123 search_make_new(const struct search_state *const state, int n, const char *const base_name) {
3124     const size_t base_len = strlen(base_name);
3125     const char need_to_append_dot = base_name[base_len - 1] == '.' ? 0 : 1;

If the length of base_name is 0, then line 3125 reads 1 byte before the
buffer. This will trigger a crash on ASAN-protected builds.
[...]
azat closed this in ec65c42 on Mar 24, 2016
------
https://github.com/libevent/libevent/issues/332
==============================================

(open-)SUSE: https://software.opensuse.org/package/libevent :

TW: 2.0.22
42.(1|2): 2.0.21

SLE12-SP2 does not seem to ship libevent.
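
The zero-length check that the quoted line 3125 lacks, shown as an added example that is neither libevent's code nor part of the original report. The helper name join_search_name, its signature and the sample inputs are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/*
 * Hypothetical stand-alone helper (not libevent code): joins base_name and a
 * search domain, adding a '.' separator only when base_name does not already
 * end in one. Returns a malloc'd string the caller frees, or NULL on empty
 * base_name or allocation failure.
 */
static char *
join_search_name(const char *base_name, const char *domain)
{
    const size_t base_len = strlen(base_name);
    size_t dom_len, total;
    int need_to_append_dot;
    char *out;

    /* Guard: with base_len == 0, base_len - 1 wraps around and the read
     * of base_name[base_len - 1] lands one byte before the buffer. */
    if (base_len == 0)
        return NULL;
    need_to_append_dot = base_name[base_len - 1] == '.' ? 0 : 1;

    /* Skip a leading dot on the domain so the result never contains "..". */
    if (domain[0] == '.')
        domain++;
    dom_len = strlen(domain);

    total = base_len + need_to_append_dot + dom_len + 1; /* +1 for NUL */
    out = malloc(total);
    if (out == NULL)
        return NULL;

    memcpy(out, base_name, base_len);
    if (need_to_append_dot)
        out[base_len] = '.';
    memcpy(out + base_len + need_to_append_dot, domain, dom_len);
    out[total - 1] = '\0';
    return out;
}

int main(void)
{
    char *s = join_search_name("www", "example.com"); /* constructed input */
    if (s) { puts(s); free(s); }
    /* Empty name is rejected instead of read out of bounds. */
    return join_search_name("", "example.com") == NULL ? 0 : 1;
}
```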

