Tobias Pulls

**Name of the Vulnerable Software and Affected Versions** Tor versions 0.3.5.10 and earlier, 0.4.x through 0.4.1.8, and 0.4.2.x through 0.4.2.6 **Description** The issue allows remote attackers to cause a Denial of Service (memory leak). This occurs in the `circpad setup machine on circ` function because a circuit-padding machine can be negotiated twice on the same circuit. **Recommendations** For Tor versions 0.3.5.10 and earlier, update to version 0.3.5.10 or later. For Tor versions 0.4.x through 0.4.1.8, update to version 0.4.1.9 or later. For Tor versions 0.4.2.x through 0.4.2.6, update to version 0.4.2.7 or later. As a temporary workaround, consider disabling the `circpad setup machine on circ` function until a patch is available.