PT-2020-12223 · Tor+2 · Tor+2

Tobias Pulls

Published

2019-05-07

Updated

2024-06-15

CVE-2020-10593

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Tor versions 0.3.5.10 and earlier, 0.4.x through 0.4.1.8, and 0.4.2.x through 0.4.2.6

Description The issue allows remote attackers to cause a Denial of Service (memory leak). This occurs in the circpad setup machine on circ function because a circuit-padding machine can be negotiated twice on the same circuit.

Recommendations For Tor versions 0.3.5.10 and earlier, update to version 0.3.5.10 or later. For Tor versions 0.4.x through 0.4.1.8, update to version 0.4.1.9 or later. For Tor versions 0.4.2.x through 0.4.2.6, update to version 0.4.2.7 or later. As a temporary workaround, consider disabling the circpad setup machine on circ function until a patch is available.

Fix

DoS

Memory Leak

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-401

Related Identifiers

ALT-PU-2019-1777

ALT-PU-2020-1973

CVE-2020-10593

MGASA-2020-0165

OPENSUSE-SU-2020:0406-1

OPENSUSE-SU-2020:0428-1

OPENSUSE-SU-2020:1970-1

OPENSUSE-SU-2020_0406-1

OPENSUSE-SU-2020_1970-1

OPENSUSE-SU-2024:11469-1

Affected Products

Alt Linux

Suse

Tor

PT-2020-12223 · Tor+2 · Tor+2

CVE-2020-10593

Weakness Enumeration

Related Identifiers

Affected Products

References · 52