CVE-2007-1030 - Niels Provos libevent 1.2 and 1.2a allows remote attackers to cause a denial of service (infinite lo

CVE-2007-1030

Summary

Niels Provos libevent 1.2 and 1.2a allows remote attackers to cause a denial of service (infinite loop) via a DNS response containing a label pointer that references its own offset.

References

Vulnerable Configurations

cpe:2.3:a:niels_provos:libevent:1.2:*:*:*:*:*:*:*
cpe:2.3:a:niels_provos:libevent:1.2:*:*:*:*:*:*:*
cpe:2.3:a:niels_provos:libevent:1.2a:*:*:*:*:*:*:*
cpe:2.3:a:niels_provos:libevent:1.2a:*:*:*:*:*:*:*

CVSS

Base:	7.8 (as of 16-10-2018 - 16:36)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	COMPLETE

cvss-vector via4

AV:N/AC:L/Au:N/C:N/I:N/A:C

refmap via4

bid	22606
bugtraq	20070219 Remote DoS in libevent DNS parsing <= 1.2a
confirm	http://monkey.org/~provos/libevent/
osvdb	33228
secunia	24181
sreason	2268
vupen	ADV-2007-0647

statements via4

contributor	Mark J Cox
lastmodified	2008-04-04
organization	Red Hat
statement	Not vulnerable. This issue did not affect versions of libevent as shipped with Red Hat Enterprise Linux 5.

Last major update

16-10-2018 - 16:36

Published

21-02-2007 - 11:28

Last modified

16-10-2018 - 16:36