Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-9mdg-1dc3-dueg
Vulnerability ID VCID-9mdg-1dc3-dueg
Aliases CVE-2014-6272
Summary Multiple integer overflows in the evbuffer API in Libevent 1.4.x before 1.4.15, 2.0.x before 2.0.22, and 2.1.x before 2.1.5-beta allow context-dependent attackers to cause a denial of service or possibly have other unspecified impact via "insanely large inputs" to the (1) evbuffer_add, (2) evbuffer_expand, or (3) bufferevent_write function, which triggers a heap-based buffer overflow or an infinite loop. NOTE: this identifier has been SPLIT per ADT3 due to different affected versions. See CVE-2015-6525 for the functions that are only affected in 2.0 and later.
Status Published
Exploitability None
Weighted Severity None
Risk None
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-190 Integer Overflow or Wraparound
CWE-122 Heap-based Buffer Overflow
CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')
System Score Found at
epss 0.01085 https://api.first.org/data/v1/epss?cve=CVE-2014-6272
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-6272.json
https://api.first.org/data/v1/epss?cve=CVE-2014-6272
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6272
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6525
1144646 https://bugzilla.redhat.com/show_bug.cgi?id=1144646
774645 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774645
No exploits are available.
There are no known vectors.
Exploit Prediction Scoring System (EPSS)
Percentile 0.78223
EPSS Score 0.01085
Published At June 4, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-04T16:40:13.720974+00:00 Debian Importer Import https://security-tracker.debian.org/tracker/data/json 38.6.0