Vulnerability in Torproject Tor
CVE-2012-4419
The compare_tor_addr_to_addr_policy function in or/policies.c in Tor before 0.2.2.39, and 0.2.3.x before 0.2.3.21-rc, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a zero-valued port field tha…
EPSS: 0.016 (82.2th percentile) — read the EPSS interpretation.
Affected products
- Torproject Tor — versions 0.0.2, 0.0.3, 0.0.4
- N/a — versions n/a
References
- GLSA-201301-03 (vendor-advisory, x_refsource_GENTOO)
- secalert@redhat.com (x_refsource_CONFIRM)
- [oss-security] 20120912 Re: CVE id request: tor (mailing-list, x_refsource_MLIST)
- 50583 (x_refsource_SECUNIA, third-party-advisory)
- [tor-talk] 20120905 Tor 0.2.3.21-rc is out (mailing-list, x_refsource_MLIST)
- secalert@redhat.com (x_refsource_CONFIRM)
- FEDORA-2012-14638 (x_refsource_FEDORA, vendor-advisory)
- secalert@redhat.com (x_refsource_CONFIRM)
- openSUSE-SU-2012:1278 (vendor-advisory, x_refsource_SUSE)