Tor: >> Tor >> 0.2.0.35 Security Vulnerabilities
Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha allows remote attackers to cause a denial of service (assertion failure and daemon exit) via blobs that trigger a certain file size, as demonstrated by the cached-descriptors.new file.
CVSS Score
5.0
EPSS Score
0.014
Published
2011-01-19
Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha does not properly manage key data in memory, which might allow local users to obtain sensitive information by leveraging the ability to read memory that was previously used by a different process.
CVSS Score
2.1
EPSS Score
0.001
Published
2011-01-19
Heap-based buffer overflow in Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors.
CVSS Score
6.8
EPSS Score
0.059
Published
2011-01-19
Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha makes calls to Libevent within Libevent log handlers, which might allow remote attackers to cause a denial of service (daemon crash) via vectors that trigger certain log messages.
CVSS Score
5.0
EPSS Score
0.014
Published
2011-01-19
Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha does not properly check the amount of compression in zlib-compressed data, which allows remote attackers to cause a denial of service via a large compression factor.
CVSS Score
5.0
EPSS Score
0.023
Published
2011-01-19
Tor before 0.2.0.35 allows remote attackers to cause a denial of service (application crash) via a malformed router descriptor.
CVSS Score
5.0
EPSS Score
0.014
Published
2009-07-10
Page 2