PT-2021-4124 · Tor+4
Jann Horn · Published 2021-06-16 · Updated 2025-05-12
CVE-2021-34549
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Tor versions prior to 0.4.6.5
Description
An issue was discovered where hashing is mishandled for certain retrieval of circuit data. Consequently, an attacker can trigger the use of an attacker-chosen circuit ID to cause algorithm inefficiency.
Recommendations
For Tor versions prior to 0.4.6.5, update to version 0.4.6.5 or later to resolve the issue. As a temporary workaround, consider restricting the use of circuit IDs to minimize the risk of exploitation.
Fix
Resource Exhaustion
Improper Handling of Exceptional Conditions
Related Identifiers
Affected Products
Alt Linux
Linuxmint
Suse
Tor
Ubuntu