Nickm

**Name of the Vulnerable Software and Affected Versions** Tor versions prior to 0.4.5.7 **Description** The issue is related to the insufficient use of the `assert()` function in the `dirvote add signatures to pending consensus()` function of the Tor browser. This allows a remote attacker to cause Tor directory authorities to exit with an assertion failure. **Recommendations** For versions prior to 0.4.5.7, update to version 0.4.5.7 or later to resolve the issue. As a temporary workaround, consider restricting access to the `dirvote add signatures to pending consensus()` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Tor versions prior to 0.4.5.7 **Description** The issue allows a remote participant in the Tor directory protocol to exhaust CPU resources on a target. This is related to an error in the resource consumption control mechanism of the Tor browser's dump desc() function. Exploitation of this issue can lead to a denial of service. **Recommendations** For versions prior to 0.4.5.7, update to version 0.4.5.7 or later to resolve the issue. As a temporary workaround, consider restricting access to the Tor directory protocol to minimize the risk of exploitation.