PT-2021-22099 · Tor+4

Hdevalence +1 · Published 2021-08-17 · Updated 2025-05-12 · CVE-2021-38385

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Tor versions prior to 0.3.5.16
Tor versions prior to 0.4.5.10
Tor versions prior to 0.4.6.7

Description

The issue is related to how Tor handles the relationship between batch-signature verification and single-signature verification, leading to a remote assertion failure. This can be used to initiate a denial of service. The problem occurs due to a discrepancy in the behavior of code for verifying digital signatures individually and in batch mode.

Recommendations

For versions prior to 0.3.5.16, update to version 0.3.5.16 or later.
For versions prior to 0.4.5.10, update to version 0.4.5.10 or later.
For versions prior to 0.4.6.7, update to version 0.4.6.7 or later.

Exploit

Fix

Assertion Failure

Weakness Enumeration

Related Identifiers

ALT-PU-2021-2569
ALT-PU-2021-3213
ALT-PU-2025-6362
CVE-2021-38385
DSA-4961-1
MGASA-2021-0426
OPENSUSE-SU-2021:1169-1
OPENSUSE-SU-2021:1178-1
OPENSUSE-SU-2021:1192-1
OPENSUSE-SU-2021_1169-1
OPENSUSE-SU-2024:11469-1
USN-5036-1

Affected Products

ALT Linux
Linux Mint
SUSE
Tor
Ubuntu