Total
35 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-2928 | 1 Torproject | 1 Tor | 2020-02-01 | 5.0 MEDIUM | 7.5 HIGH |
| The Hidden Service (HS) server implementation in Tor before 0.2.4.27, 0.2.5.x before 0.2.5.12, and 0.2.6.x before 0.2.6.7 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors. | |||||
| CVE-2015-2689 | 1 Torproject | 1 Tor | 2020-01-31 | 5.0 MEDIUM | 7.5 HIGH |
| Tor before 0.2.4.26 and 0.2.5.x before 0.2.5.11 does not properly handle pending-connection resolve states during periods of high DNS load, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via crafted packets. | |||||
| CVE-2015-2688 | 1 Torproject | 1 Tor | 2020-01-31 | 5.0 MEDIUM | 7.5 HIGH |
| buf_pullup in Tor before 0.2.4.26 and 0.2.5.x before 0.2.5.11 does not properly handle unexpected arrival times of buffers with invalid layouts, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via crafted packets. | |||||
| CVE-2017-0375 | 1 Torproject | 1 Tor | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| The hidden-service feature in Tor before 0.3.0.8 allows a denial of service (assertion failure and daemon exit) in the relay_send_end_cell_from_edge_ function via a malformed BEGIN cell. | |||||
| CVE-2017-0376 | 2 Debian, Torproject | 2 Debian Linux, Tor | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| The hidden-service feature in Tor before 0.3.0.8 allows a denial of service (assertion failure and daemon exit) in the connection_edge_process_relay_cell function via a BEGIN_DIR cell on a rendezvous circuit. | |||||
| CVE-2018-0490 | 2 Debian, Torproject | 2 Debian Linux, Tor | 2019-04-30 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Tor before 0.2.9.15, 0.3.1.x before 0.3.1.10, and 0.3.2.x before 0.3.2.10. The directory-authority protocol-list subprotocol implementation allows remote attackers to cause a denial of service (NULL pointer dereference and directory-authority crash) via a misformatted relay descriptor that is mishandled during voting. | |||||
| CVE-2018-0491 | 1 Torproject | 1 Tor | 2019-03-26 | 5.0 MEDIUM | 7.5 HIGH |
| A use-after-free issue was discovered in Tor 0.3.2.x before 0.3.2.10. It allows remote attackers to cause a denial of service (relay crash) because the KIST implementation allows a channel to be added more than once in the pending list. | |||||
| CVE-2017-0380 | 1 Torproject | 1 Tor | 2017-11-06 | 4.3 MEDIUM | 5.9 MEDIUM |
| The rend_service_intro_established function in or/rendservice.c in Tor before 0.2.8.15, 0.2.9.x before 0.2.9.12, 0.3.0.x before 0.3.0.11, 0.3.1.x before 0.3.1.7, and 0.3.2.x before 0.3.2.1-alpha, when SafeLogging is disabled, allows attackers to obtain sensitive information by leveraging access to the log files of a hidden service, because uninitialized stack data is included in an error message about construction of an introduction point circuit. | |||||
| CVE-2012-5573 | 1 Torproject | 1 Tor | 2017-08-29 | 5.0 MEDIUM | N/A |
| The connection_edge_process_relay_cell function in or/relay.c in Tor before 0.2.3.25 maintains circuits even if an unexpected SENDME cell arrives, which might allow remote attackers to cause a denial of service (memory consumption or excessive cell reception rate) or bypass intended flow-control restrictions via a RELAY_COMMAND_SENDME command. | |||||
| CVE-2017-0377 | 1 Torproject | 1 Tor | 2017-07-14 | 5.0 MEDIUM | 7.5 HIGH |
| Tor 0.3.x before 0.3.0.9 has a guard-selection algorithm that only considers the exit relay (not the exit relay's family), which might allow remote attackers to defeat intended anonymity properties by leveraging the existence of large families. | |||||
| CVE-2016-8860 | 1 Torproject | 1 Tor | 2017-07-01 | 5.0 MEDIUM | 7.5 HIGH |
| Tor before 0.2.8.9 and 0.2.9.x before 0.2.9.4-alpha had internal functions that were entitled to expect that buf_t data had NUL termination, but the implementation of or/buffers.c did not ensure that NUL termination was present, which allows remote attackers to cause a denial of service (client, hidden service, relay, or authority crash) via crafted data. | |||||
| CVE-2014-5117 | 1 Torproject | 1 Tor | 2017-01-07 | 5.8 MEDIUM | N/A |
| Tor before 0.2.4.23 and 0.2.5 before 0.2.5.6-alpha maintains a circuit after an inbound RELAY_EARLY cell is received by a client, which makes it easier for remote attackers to conduct traffic-confirmation attacks by using the pattern of RELAY and RELAY_EARLY cells as a means of communicating information about hidden service names. | |||||
| CVE-2013-7295 | 1 Torproject | 1 Tor | 2014-02-12 | 4.0 MEDIUM | N/A |
| Tor before 0.2.4.20, when OpenSSL 1.x is used in conjunction with a certain HardwareAccel setting on Intel Sandy Bridge and Ivy Bridge platforms, does not properly generate random numbers for (1) relay identity keys and (2) hidden-service identity keys, which might make it easier for remote attackers to bypass cryptographic protection mechanisms via unspecified vectors. | |||||
| CVE-2012-4922 | 1 Torproject | 1 Tor | 2013-08-22 | 5.0 MEDIUM | N/A |
| The tor_timegm function in common/util.c in Tor before 0.2.2.39, and 0.2.3.x before 0.2.3.22-rc, does not properly validate time values, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a malformed directory object, a different vulnerability than CVE-2012-4419. | |||||
| CVE-2012-4419 | 1 Torproject | 1 Tor | 2013-08-22 | 5.0 MEDIUM | N/A |
| The compare_tor_addr_to_addr_policy function in or/policies.c in Tor before 0.2.2.39, and 0.2.3.x before 0.2.3.21-rc, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a zero-valued port field that is not properly handled during policy comparison. | |||||