Vulnerability in Torproject Tor
CVE-2012-5573
The connection_edge_process_relay_cell function in or/relay.c in Tor before 0.2.3.25 maintains circuits even if an unexpected SENDME cell arrives, which might allow remote attackers to cause a denial of service (memory consumption or exces…
EPSS: 0.010 (77.5th percentile) — read the EPSS interpretation.
Affected products
- Torproject Tor — versions 0.0.2, 0.0.3, 0.0.4
- N/a — versions n/a
Weakness classification (CWE)
References
- GLSA-201301-03 (vendor-advisory, x_refsource_GENTOO)
- secalert@redhat.com (x_refsource_CONFIRM, Vendor Advisory)
- secalert@redhat.com (x_refsource_CONFIRM)
- 51329 (x_refsource_SECUNIA, third-party-advisory)
- secalert@redhat.com (x_refsource_CONFIRM, Patch)
- [oss-security] 20121126 Re: tor DoS via SENDME cells (mailing-list, x_refsource_MLIST)
- secalert@redhat.com (x_refsource_CONFIRM)
- tor-sendme-dos(80289) (vdb-entry, x_refsource_XF)
- secalert@redhat.com (x_refsource_CONFIRM)