Описание
In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, an attacker can cause a denial of service (application hang) via crafted PEM input that signifies a public key requiring a password, which triggers an attempt by the OpenSSL library to ask the user for the password, aka TROVE-2017-011.
| Релиз | Статус | Примечание |
|---|---|---|
| artful | released | 0.3.0.13-0ubuntu1~17.10.2 |
| bionic | not-affected | 0.3.1.9-1 |
| cosmic | not-affected | 0.3.1.9-1 |
| devel | not-affected | 0.3.1.9-1 |
| esm-apps/bionic | not-affected | 0.3.1.9-1 |
| esm-apps/xenial | released | 0.2.9.14-1ubuntu1~16.04.2 |
| esm-infra-legacy/trusty | released | 0.2.4.27-1ubuntu0.1 |
| precise/esm | DNE | |
| trusty | released | 0.2.4.27-1ubuntu0.1 |
| trusty/esm | released | 0.2.4.27-1ubuntu0.1 |
Показывать по
EPSS
5 Medium
CVSS2
7.5 High
CVSS3
Связанные уязвимости
In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, an attacker can cause a denial of service (application hang) via crafted PEM input that signifies a public key requiring a password, which triggers an attempt by the OpenSSL library to ask the user for the password, aka TROVE-2017-011.
In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 bef ...
In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, an attacker can cause a denial of service (application hang) via crafted PEM input that signifies a public key requiring a password, which triggers an attempt by the OpenSSL library to ask the user for the password, aka TROVE-2017-011.
EPSS
5 Medium
CVSS2
7.5 High
CVSS3