PT-2020-2102 · Tor+2 · Tor+2

Published

2019-05-07

Updated

2024-06-15

CVE-2020-10592

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions Tor versions 0.3.5.10 and earlier, 0.4.x through 0.4.1.8, and 0.4.2.x through 0.4.2.6

Description The issue is related to an error in uncontrolled resource consumption, allowing remote attackers to cause a Denial of Service (CPU consumption). This can be exploited by a remote attacker to disrupt service.

Recommendations For Tor versions 0.3.5.10 and earlier, update to version 0.3.5.10 or later. For Tor versions 0.4.x through 0.4.1.8, update to version 0.4.1.9 or later. For Tor versions 0.4.2.x through 0.4.2.6, update to version 0.4.2.7 or later.

Fix

Resource Exhaustion

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-400

Related Identifiers

ALT-PU-2019-1777

ALT-PU-2020-1525

ALT-PU-2020-1973

ALT-PU-2020-2702

BDU:2020-01963

CVE-2020-10592

DSA-4644-1

MGASA-2020-0165

OPENSUSE-SU-2020:0406-1

OPENSUSE-SU-2020:0428-1

OPENSUSE-SU-2020:1970-1

OPENSUSE-SU-2020_0406-1

OPENSUSE-SU-2020_1970-1

OPENSUSE-SU-2024:11469-1

Affected Products

Alt Linux

Suse

Tor

PT-2020-2102 · Tor+2 · Tor+2

CVE-2020-10592

Weakness Enumeration

Related Identifiers

Affected Products

References · 56