Описание
A use-after-free issue was discovered in Tor 0.3.2.x before 0.3.2.10. It allows remote attackers to cause a denial of service (relay crash) because the KIST implementation allows a channel to be added more than once in the pending list.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| tor | fixed | 0.3.2.10-1 | package | |
| tor | not-affected | stretch | package | |
| tor | not-affected | jessie | package | |
| tor | not-affected | wheezy | package |
Примечания
https://trac.torproject.org/projects/tor/ticket/25117
https://trac.torproject.org/projects/tor/ticket/24700
https://blog.torproject.org/new-stable-tor-releases-security-fixes-and-dos-prevention-03210-03110-02915
https://gitweb.torproject.org/tor.git/commit/?id=adaf3e9b89f62d68ab631b8f672d9bff996689b9
EPSS
Связанные уязвимости
A use-after-free issue was discovered in Tor 0.3.2.x before 0.3.2.10. It allows remote attackers to cause a denial of service (relay crash) because the KIST implementation allows a channel to be added more than once in the pending list.
A use-after-free issue was discovered in Tor 0.3.2.x before 0.3.2.10. It allows remote attackers to cause a denial of service (relay crash) because the KIST implementation allows a channel to be added more than once in the pending list.
A use-after-free issue was discovered in Tor 0.3.2.x before 0.3.2.10. It allows remote attackers to cause a denial of service (relay crash) because the KIST implementation allows a channel to be added more than once in the pending list.
EPSS