PT-2019-19281 · Tor+4 · Tor+4

Published

2019-02-21

Updated

2024-06-15

CVE-2019-8955

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Tor versions prior to 0.3.3.12 Tor versions 0.3.4.x prior to 0.3.4.11 Tor versions 0.3.5.x prior to 0.3.5.8 Tor versions 0.4.x prior to 0.4.0.2-alpha

Description The issue allows for remote denial of service against Tor clients and relays due to memory exhaustion in the KIST cell scheduler.

Recommendations For Tor versions prior to 0.3.3.12, update to version 0.3.3.12 or later. For Tor versions 0.3.4.x prior to 0.3.4.11, update to version 0.3.4.11 or later. For Tor versions 0.3.5.x prior to 0.3.5.8, update to version 0.3.5.8 or later. For Tor versions 0.4.x prior to 0.4.0.2-alpha, update to version 0.4.0.2-alpha or later.

Fix

DoS

Allocation of Resources Without Limits

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-770

Related Identifiers

ALT-PU-2019-1291

CVE-2019-8955

OPENSUSE-SU-2019:1107-1

OPENSUSE-SU-2019_1107-1

OPENSUSE-SU-2024:11469-1

USN-5036-1

Affected Products

Alt Linux

Linuxmint

Suse

Tor

Ubuntu

PT-2019-19281 · Tor+4 · Tor+4

CVE-2019-8955

Weakness Enumeration

Related Identifiers

Affected Products

References · 63