Name of the Vulnerable Software and Affected Versions tor version 0.4.7.11

Description The issue improves the security of the DNS cache by randomly clipping the TTL value. It also introduces improved defenses against network-wide DoS attacks, with multiple counters and metrics added to MetricsPorts. Additionally, circuit creation anti-DoS defenses are applied when the outbound circuit max cell queue size is reached too many times, introducing two new consensus parameters to control the queue size limit and the number of times allowed to go over that limit. Directory authority updates, IPFire database and geoip updates, and a bump in the maximum amount of CPU that can be used from 16 to 128 are also included. The NumCPUs torrc option overrides this hardcoded maximum. The onion service sets a higher circuit build timeout for opened client rendezvous circuits to avoid timeouts and retry load. The service also retries a rendezvous if the circuit is being repurposed for measurements.

Recommendations Update to tor version 0.4.7.11 to fix the issues. As a temporary workaround, consider restricting the use of the vulnerable DNS cache and MetricsPorts until the update is applied. Restrict access to the onion service to minimize the risk of exploitation. Avoid using the NumCPUs option until the update is applied.