http://bugzilla.opensuse.org/show_bug.cgi?id=1022919 Bug ID: 1022919 Summary: VUL-1: libevent: out-of-bounds read in search_make_new() Classification: openSUSE Product: openSUSE Distribution Version: Leap 42.2 Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Security Assignee: security-team@suse.de Reporter: mikhail.kasimov@gmail.com QA Contact: qa-bugs@suse.de Found By: --- Blocker: --- Ref: http://seclists.org/oss-sec/2017/q1/250 ============================================== Libevent 2.1.6 fixed three bugs that may have security implications. 3) out-of-bounds read in search_make_new() ------ The DNS code of Libevent contains this rather obvious OOB read: 3122 static char * 3123 search_make_new(const struct search_state *const state, int n, const char *const base_name) { 3124 const size_t base_len = strlen(base_name); 3125 const char need_to_append_dot = base_name[base_len - 1] == '.' ? 0 : 1; If the length of base_name is 0, then line 3125 reads 1 byte before the buffer. This will trigger a crash on ASAN-protected builds. [...] azat closed this in ec65c42 on Mar 24, 2016 ------ https://github.com/libevent/libevent/issues/332 ============================================== (open-)SUSE: https://software.opensuse.org/package/libevent : TW: 2.0.22 42.(1|2): 2.0.21 SLE12-SP2 seems not shipping libevent. -- You are receiving this mail because: You are on the CC list for the bug.