Tor: >> Tor >> 0.2.0.32 Security Vulnerabilities
Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha allows remote attackers to cause a denial of service (assertion failure and daemon exit) via blobs that trigger a certain file size, as demonstrated by the cached-descriptors.new file.
CVSS Score
5.0
EPSS Score
0.014
Published
2011-01-19
Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha does not properly manage key data in memory, which might allow local users to obtain sensitive information by leveraging the ability to read memory that was previously used by a different process.
CVSS Score
2.1
EPSS Score
0.001
Published
2011-01-19
Heap-based buffer overflow in Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors.
CVSS Score
6.8
EPSS Score
0.059
Published
2011-01-19
Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha makes calls to Libevent within Libevent log handlers, which might allow remote attackers to cause a denial of service (daemon crash) via vectors that trigger certain log messages.
CVSS Score
5.0
EPSS Score
0.014
Published
2011-01-19
Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha does not properly check the amount of compression in zlib-compressed data, which allows remote attackers to cause a denial of service via a large compression factor.
CVSS Score
5.0
EPSS Score
0.023
Published
2011-01-19
Unspecified vulnerability in Tor before 0.2.0.34 allows attackers to cause a denial of service (infinite loop) via "corrupt votes."
CVSS Score
5.0
EPSS Score
0.005
Published
2009-03-18
Unspecified vulnerability in Tor before 0.2.0.34 allows directory mirrors to cause a denial of service via unknown vectors.
CVSS Score
5.0
EPSS Score
0.005
Published
2009-03-18
Unspecified vulnerability in Tor before 0.2.0.34 allows directory mirrors to cause a denial of service (exit node crash) via "malformed input."
CVSS Score
5.0
EPSS Score
0.007
Published
2009-03-18
Tor before 0.2.0.34 treats incomplete IPv4 addresses as valid, which has unknown impact and attack vectors related to "Spec conformance," as demonstrated using 192.168.0.
CVSS Score
10.0
EPSS Score
0.007
Published
2009-03-18
Tor 0.2.0.28, and probably 0.2.0.34 and earlier, allows remote attackers, with control of an entry router and an exit router, to confirm that a sender and receiver are communicating via vectors involving (1) replaying, (2) modifying, (3) inserting, or (4) deleting a single cell, and then observing cell recognition errors at the exit router. NOTE: the vendor disputes the significance of this issue, noting that the product's design "accepted end-to-end correlation as an attack that is too expensive to solve."
CVSS Score
5.1
EPSS Score
0.005
Published
2009-02-20