CVE-2014-6272 - Potential Heap Overflow Vulnerability in Libevent

  • Posted August 6, 2015

  • Assessed Risk Level: Medium

Earlier this year, the Libevent project announced a security vulnerability in the Libevent evbuffer APIs. Puppet Enterprise versions prior to 3.8.2 contained a vulnerable version of Libevent. Puppet Enterprise 3.8.2 contains an updated version of Libevent that has fixed the vulnerability.

For more information about the vulnerability, please refer to CVE-2014-6272 .


Affected Software Versions:

  • Puppet Enterprise 3.x

Resolved in:

  • Puppet Enterprise 3.8.2