CVE-2011-2778

Name of the Vulnerable Software and Affected Versions Tor versions prior to 0.2.2.35

Description The issue is related to multiple heap-based buffer overflows that can be triggered by establishing a SOCKS connection to SocksPort or by leveraging a SOCKS proxy configuration. This can cause a denial of service due to memory corruption or possibly allow the execution of arbitrary code.

Recommendations For versions prior to 0.2.2.35, update to version 0.2.2.35 or later to resolve the issue. As a temporary workaround, consider restricting access to the SocksPort to minimize the risk of exploitation. Avoid using SOCKS proxy configurations that could leverage the vulnerable condition until the issue is resolved.