PT-2017-18557 · Tor+1 · Tor+1
Published
2017-12-01
·
Updated
2024-06-15
·
CVE-2017-8823
CVSS v3.1
8.1
High
| Vector | AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Tor versions 0.2.6 through 0.2.8 before 0.2.8.17
Tor versions 0.2.9 before 0.2.9.14
Tor versions 0.3.0 before 0.3.0.13
Tor versions 0.3.1 before 0.3.1.9
Tor version 0.2.5.16 and earlier
Description
The issue is related to a use-after-free error in onion service v2 during intro-point expiration. This occurs because the expiring list is mismanaged in certain error cases.
Recommendations
For Tor versions 0.2.6 through 0.2.8 before 0.2.8.17, update to version 0.2.8.17 or later.
For Tor versions 0.2.9 before 0.2.9.14, update to version 0.2.9.14 or later.
For Tor versions 0.3.0 before 0.3.0.13, update to version 0.3.0.13 or later.
For Tor versions 0.3.1 before 0.3.1.9, update to version 0.3.1.9 or later.
For Tor version 0.2.5.16 and earlier, update to version 0.2.5.16 or later.
Fix
Use After Free
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Tor