{"id":"CVE-2016-10197","details":"The search_make_new function in evdns.c in libevent before 2.1.6-beta allows attackers to cause a denial of service (out-of-bounds read) via an empty hostname.","modified":"2026-04-16T06:21:20.345162760Z","published":"2017-03-15T15:59:00.500Z","related":["SUSE-SU-2018:0200-1","SUSE-SU-2018:0263-1"],"references":[{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2017/02/02/7"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/96014"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2017:1104"},{"type":"ADVISORY","url":"https://github.com/libevent/libevent/blob/release-2.1.6-beta/ChangeLog"},{"type":"ADVISORY","url":"http://www.debian.org/security/2017/dsa-3789"},{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2017/01/31/17"},{"type":"ADVISORY","url":"http://www.securitytracker.com/id/1038320"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2017:1106"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2017:1201"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/201705-01"},{"type":"REPORT","url":"https://github.com/libevent/libevent/issues/332"},{"type":"FIX","url":"https://github.com/libevent/libevent/commit/ec65c42052d95d2c23d1d837136d1cf1d9ecef9e"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/libevent/libevent","events":[{"introduced":"0"},{"fixed":"a73fb2f443ebf9687ee6ca81a6401d1f3751683f"},{"fixed":"ec65c42052d95d2c23d1d837136d1cf1d9ecef9e"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"2.1.6-beta"}]}}],"versions":["release-1.1b","release-2.0.1-alpha","release-2.0.10-stable","release-2.0.3-alpha","release-2.0.4-alpha","release-2.0.5-beta","release-2.0.6-rc","release-2.0.7-rc","release-2.0.8-rc","release-2.0.9-rc","release-2.1.1-alpha","release-2.1.2-alpha","release-2.1.3-alpha","release-2.1.4-alpha","release-2.1.5-beta"],"database_specific":{"vanir_signatures_modified":"2026-04-11T03:36:57Z","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"8.0"}]},{"events":[{"introduced":"0"},{"last_affected":"2.1.5"}]}],"vanir_signatures":[{"id":"CVE-2016-10197-b53ea4fd","target":{"file":"evdns.c"},"digest":{"threshold":0.9,"line_hashes":["214367120580076081898697868452724967811","164211120368855747282035090237193966170","292021247077176379054083257543566590152","112428809209276904449140038770404008020","215075892714760528797634730112271143100"]},"signature_type":"Line","deprecated":false,"source":"https://github.com/libevent/libevent/commit/ec65c42052d95d2c23d1d837136d1cf1d9ecef9e","signature_version":"v1"}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-10197.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}