Описание
Tor before 0.2.8.9 and 0.2.9.x before 0.2.9.4-alpha had internal functions that were entitled to expect that buf_t data had NUL termination, but the implementation of or/buffers.c did not ensure that NUL termination was present, which allows remote attackers to cause a denial of service (client, hidden service, relay, or authority crash) via crafted data.
| Релиз | Статус | Примечание |
|---|---|---|
| artful | not-affected | 0.2.8.9-1ubuntu1 |
| bionic | not-affected | 0.2.8.9-1ubuntu1 |
| cosmic | not-affected | 0.2.8.9-1ubuntu1 |
| devel | not-affected | 0.2.8.9-1ubuntu1 |
| esm-apps/bionic | not-affected | 0.2.8.9-1ubuntu1 |
| esm-apps/xenial | not-affected | 0.2.8.9-1ubuntu1 |
| esm-infra-legacy/trusty | released | 0.2.4.27-1ubuntu0.1 |
| precise | ignored | end of life |
| precise/esm | DNE | precise was needed |
| trusty | released | 0.2.4.27-1ubuntu0.1 |
Показывать по
Ссылки на источники
EPSS
5 Medium
CVSS2
7.5 High
CVSS3
Связанные уязвимости
Tor before 0.2.8.9 and 0.2.9.x before 0.2.9.4-alpha had internal functions that were entitled to expect that buf_t data had NUL termination, but the implementation of or/buffers.c did not ensure that NUL termination was present, which allows remote attackers to cause a denial of service (client, hidden service, relay, or authority crash) via crafted data.
Tor before 0.2.8.9 and 0.2.9.x before 0.2.9.4-alpha had internal funct ...
Tor before 0.2.8.9 and 0.2.9.x before 0.2.9.4-alpha had internal functions that were entitled to expect that buf_t data had NUL termination, but the implementation of or/buffers.c did not ensure that NUL termination was present, which allows remote attackers to cause a denial of service (client, hidden service, relay, or authority crash) via crafted data.
EPSS
5 Medium
CVSS2
7.5 High
CVSS3