{"id":"CVE-2016-10195","details":"The name_parse function in evdns.c in libevent before 2.1.6-beta allows remote attackers to have unspecified impact via vectors involving the label_len variable, which triggers an out-of-bounds stack read.","modified":"2026-04-16T06:19:30.444680780Z","published":"2017-03-15T15:59:00.390Z","related":["SUSE-SU-2018:0200-1","SUSE-SU-2018:0263-1"],"references":[{"type":"ADVISORY","url":"http://www.securitytracker.com/id/1038320"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2017:1106"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2017:1201"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/96014"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2017:1104"},{"type":"ADVISORY","url":"https://github.com/libevent/libevent/blob/release-2.1.6-beta/ChangeLog"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/201705-01"},{"type":"ADVISORY","url":"http://www.debian.org/security/2017/dsa-3789"},{"type":"FIX","url":"http://www.openwall.com/lists/oss-security/2017/02/02/7"},{"type":"FIX","url":"https://github.com/libevent/libevent/commit/96f64a022014a208105ead6c8a7066018449d86d"},{"type":"FIX","url":"https://github.com/libevent/libevent/issues/317"},{"type":"FIX","url":"http://www.openwall.com/lists/oss-security/2017/01/31/17"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/libevent/libevent","events":[{"introduced":"0"},{"fixed":"a73fb2f443ebf9687ee6ca81a6401d1f3751683f"},{"fixed":"96f64a022014a208105ead6c8a7066018449d86d"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"2.1.6-beta"}]}}],"versions":["release-1.1b","release-2.0.1-alpha","release-2.0.10-stable","release-2.0.3-alpha","release-2.0.4-alpha","release-2.0.5-beta","release-2.0.6-rc","release-2.0.7-rc","release-2.0.8-rc","release-2.0.9-rc","release-2.1.1-alpha","release-2.1.2-alpha","release-2.1.3-alpha","release-2.1.4-alpha","release-2.1.5-beta"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-10195.json","vanir_signatures":[{"deprecated":false,"signature_type":"Function","digest":{"length":877,"function_hash":"230810917948425696078014435790478542403"},"target":{"file":"evdns.c","function":"name_parse"},"signature_version":"v1","source":"https://github.com/libevent/libevent/commit/96f64a022014a208105ead6c8a7066018449d86d","id":"CVE-2016-10195-3b821893"},{"deprecated":false,"digest":{"threshold":0.9,"line_hashes":["106612348666783545995288764119330317910","99528596204269176743159437588130556516","276937442475470391917172913239826145816","317810233472634170587977236046065416806","290818586757130838086385828498896856792","91027287075917707334482351230775769010","181903107053888778292821972103149648024","197407190961813361629789264615431293682"]},"signature_type":"Line","target":{"file":"evdns.c"},"signature_version":"v1","source":"https://github.com/libevent/libevent/commit/96f64a022014a208105ead6c8a7066018449d86d","id":"CVE-2016-10195-87e11fd7"}],"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"2.1.5"}]},{"events":[{"introduced":"0"},{"last_affected":"8.0"}]}],"vanir_signatures_modified":"2026-04-11T03:36:57Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}