PT-2020-14500 · Openssl+4

Published: 2019-05-07 · Updated: 2024-06-15

CVE-2020-15572

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Tor versions prior to 0.4.3.6

Description

The issue is caused by an out-of-bounds memory access that allows a remote denial-of-service (crash) attack against Tor instances built to use Mozilla Network Security Services (NSS). It affects only Tor builds that use the NSS library, which must be selected with the "--enable-nss" flag; by default, Tor is compiled with OpenSSL.

Recommendations

For Tor versions prior to 0.4.3.6, update to version 0.4.3.6 or later to resolve the issue. As a temporary workaround, consider avoiding the NSS library by compiling Tor with OpenSSL, which is the default configuration.

Fix

DoS

Out of bounds Read


Weakness Enumeration

Related Identifiers

ALT-PU-2019-1777
ALT-PU-2020-2340
ALT-PU-2020-2702
CVE-2020-15572
OPENSUSE-SU-2020:1970-1
OPENSUSE-SU-2020_1970-1
OPENSUSE-SU-2024:11469-1

Affected Products

Alt Linux
Nss
Openssl
Suse
Tor