SB2015082417 - Input validation error in Debian Linux

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2015082417

SB2015082417 - Input validation error in Debian Linux

Published: August 24, 2015 Updated: August 9, 2020

Security Bulletin ID SB2015082417
Severity
Medium
Patch available
NO
Number of vulnerabilities 1
Exploitation vector Remote access
Highest impact Data manipulation

Breakdown by Severity

Medium 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 1 security vulnerability.


1) Input validation error (CVE-ID: CVE-2015-6525)

The vulnerability allows context-dependent attackers to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can cause a denial of service or possibly have other unspecified impact via "insanely large inputs" to the (1) evbuffer_add, (2) evbuffer_prepend, (3) evbuffer_expand, (4) exbuffer_reserve_space, or (5) evbuffer_read function, which triggers a heap-based buffer overflow or an infinite loop.


Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.

References