Telegram icon indicating copy to clipboard operation
Telegram copied to clipboard
verified publisher icon DrKLO

Fix: evdns: fix searching empty hostnames

Open hsuk04 opened this issue 7 months ago • 0 comments

This PR helps update the evdns third-party dependency to address an issue originally reported here: https://github.com/libevent/libevent/commit/ec65c42 & https://github.com/libevent/libevent/issues/332

The search_make_new function in evdns.c in libevent before 2.1.6-beta allows attackers to cause a denial of service (out-of-bounds read) via an empty hostname.

hsuk04 avatar May 05 '25 08:05 hsuk04