PT-2017-18554 · Tor+1 · Tor+1

Publicado

2017-12-01

·

Atualizado

2024-06-15

·

CVE-2017-8820

CVSS v3.1

7.5

Alta

VetorAV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions Tor versions 0.2.5 through 0.2.5.15 Tor versions 0.2.6 through 0.2.8.16 Tor versions 0.2.9 through 0.2.9.13 Tor versions 0.3.0 through 0.3.0.12 Tor versions 0.3.1 through 0.3.1.8
Description The issue allows remote attackers to cause a denial of service against directory authorities via a malformed descriptor. This can result in a NULL pointer dereference and application crash.
Recommendations For Tor versions 0.2.5 through 0.2.5.15, update to version 0.2.5.16 or later. For Tor versions 0.2.6 through 0.2.8.16, update to version 0.2.8.17 or later. For Tor versions 0.2.9 through 0.2.9.13, update to version 0.2.9.14 or later. For Tor versions 0.3.0 through 0.3.0.12, update to version 0.3.0.13 or later. For Tor versions 0.3.1 through 0.3.1.8, update to version 0.3.1.9 or later.

Correção

DoS

NULL Pointer Dereference

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-476

Identificadores relacionados

ALT-PU-2017-2718
CVE-2017-8820
DSA-4054-1
MGASA-2017-0444
OPENSUSE-SU-2017:3201-1
OPENSUSE-SU-2017:3203-1
OPENSUSE-SU-2024:11469-1

Produtos afetados

Alt Linux
Tor