What is the severity of CVE-2015-6525?

CVE-2015-6525 is considered to have a high severity due to potential denial of service vulnerabilities.

How do I fix CVE-2015-6525?

To fix CVE-2015-6525, upgrade to Libevent version 2.0.22 or 2.1.5-beta or later.

Which software is affected by CVE-2015-6525?

CVE-2015-6525 affects all versions of Libevent prior to 2.0.22 and 2.1.5-beta.

What types of attacks can CVE-2015-6525 facilitate?

CVE-2015-6525 can enable context-dependent attackers to cause denial of service attacks.

Is CVE-2015-6525 exploit-related to input sizes?

Yes, CVE-2015-6525 is associated with vulnerabilities triggered by excessively large inputs.

Vulnerability/
CVE-2015-6525

high

7.5

CWE

189 119 190

24/8/2015

6/8/2024

CVE-2015-6525: Buffer Overflow

First published: Mon Aug 24 2015(Updated: )

Multiple integer overflows in the evbuffer API in Libevent 2.0.x before 2.0.22 and 2.1.x before 2.1.5-beta allow context-dependent attackers to cause a denial of service or possibly have other unspecified impact via "insanely large inputs" to the (1) evbuffer_add, (2) evbuffer_prepend, (3) evbuffer_expand, (4) exbuffer_reserve_space, or (5) evbuffer_read function, which triggers a heap-based buffer overflow or an infinite loop. NOTE: this identifier was SPLIT from CVE-2014-6272 per ADT3 due to different affected versions.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Debian Linux	=7.1
Red Hat Libevent	=2.0.1
Red Hat Libevent	=2.0.2
Red Hat Libevent	=2.0.3
Red Hat Libevent	=2.0.4
Red Hat Libevent	=2.0.5
Red Hat Libevent	=2.0.6
Red Hat Libevent	=2.0.7
Red Hat Libevent	=2.0.8
Red Hat Libevent	=2.0.9
Red Hat Libevent	=2.0.10
Red Hat Libevent	=2.0.11
Red Hat Libevent	=2.0.12
Red Hat Libevent	=2.0.13
Red Hat Libevent	=2.0.14
Red Hat Libevent	=2.0.15
Red Hat Libevent	=2.0.16
Red Hat Libevent	=2.0.17
Red Hat Libevent	=2.0.18
Red Hat Libevent	=2.0.19
Red Hat Libevent	=2.0.20
Red Hat Libevent	=2.0.21
Red Hat Libevent	=2.1.1
Red Hat Libevent	=2.1.2
Red Hat Libevent	=2.1.3
Red Hat Libevent	=2.1.4

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2015-6525?
CVE-2015-6525 is considered to have a high severity due to potential denial of service vulnerabilities.
How do I fix CVE-2015-6525?
To fix CVE-2015-6525, upgrade to Libevent version 2.0.22 or 2.1.5-beta or later.
Which software is affected by CVE-2015-6525?
CVE-2015-6525 affects all versions of Libevent prior to 2.0.22 and 2.1.5-beta.
What types of attacks can CVE-2015-6525 facilitate?
CVE-2015-6525 can enable context-dependent attackers to cause denial of service attacks.
Is CVE-2015-6525 exploit-related to input sizes?
Yes, CVE-2015-6525 is associated with vulnerabilities triggered by excessively large inputs.

agent/references
agent/type
collector/mitre-cve
source/MITRE
agent/weakness
agent/author
agent/last-modified-date
agent/severity
agent/event
agent/description
agent/first-publish-date
agent/source
agent/tags
agent/softwarecombine
collector/nvd-index
agent/software-canonical-lookup-request
vendor/debian
canonical/debian linux
version/debian linux/7.1
vendor/libevent project
canonical/red hat libevent
version/red hat libevent/2.0.1
version/red hat libevent/2.0.2
version/red hat libevent/2.0.3
version/red hat libevent/2.0.4
version/red hat libevent/2.0.5
version/red hat libevent/2.0.6
version/red hat libevent/2.0.7
version/red hat libevent/2.0.8
version/red hat libevent/2.0.9
version/red hat libevent/2.0.10
version/red hat libevent/2.0.11
version/red hat libevent/2.0.12
version/red hat libevent/2.0.13
version/red hat libevent/2.0.14
version/red hat libevent/2.0.15
version/red hat libevent/2.0.16
version/red hat libevent/2.0.17
version/red hat libevent/2.0.18
version/red hat libevent/2.0.19
version/red hat libevent/2.0.20
version/red hat libevent/2.0.21
version/red hat libevent/2.1.1
version/red hat libevent/2.1.2
version/red hat libevent/2.1.3
version/red hat libevent/2.1.4