PT-2020-7821 · Tor+1 · Tor+1

Published

2015-03-22

·

Updated

2024-06-15

·

CVE-2015-2688

CVSS v3.1

7.5

High

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: Tor versions 0.2.4.x through 0.2.4.25 Tor versions 0.2.5.x through 0.2.5.10
Description: The issue is related to the buf pullup function in Tor, which does not properly handle unexpected arrival times of buffers with invalid layouts. This allows remote attackers to cause a denial of service, resulting in an assertion failure and daemon exit, via crafted packets.
Recommendations: For Tor versions 0.2.4.x through 0.2.4.25, update to version 0.2.4.26 or later. For Tor versions 0.2.5.x through 0.2.5.10, update to version 0.2.5.11 or later.

Fix

DoS

Improper Handling of Exceptional Conditions

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-755

Related Identifiers

ALT-PU-2015-1317
CVE-2015-2688
DLA-178-1
DSA-3203-1
OPENSUSE-SU-2024:10423-1

Affected Products

Alt Linux
Tor