|
oss-sec
mailing list archives
tor DoS via SENDME cells
From: Vincent Danen <vdanen () redhat com>
Date: Mon, 26 Nov 2012 09:48:57 -0700
I've not seen a CVE for this yet, could one get assigned?
It was reported that Tor suffered from a denial of service
vulnerability due to an error when handling SENDME cells. This could be
exploited to cause excessive consumption of memory resources within an
entry node.
This is fixed in upstream version 0.2.3.25.
References:
https://secunia.com/advisories/51329/
https://trac.torproject.org/projects/tor/ticket/6252
https://gitweb.torproject.org/arma/tor.git/commitdiff/b9b54568c0bb64c32bd0b362954bdbc8c1234b16
https://bugzilla.redhat.com/show_bug.cgi?id=880310
https://bugs.gentoo.org/show_bug.cgi?id=444804
Thanks.
--
Vincent Danen / Red Hat Security Response Team
 By Date 
By Thread
Current thread:
- tor DoS via SENDME cells Vincent Danen (Nov 26)
| 
