Home page logo
/

oss-sec logo oss-sec mailing list archives

tor DoS via SENDME cells
From: Vincent Danen <vdanen () redhat com>
Date: Mon, 26 Nov 2012 09:48:57 -0700

I've not seen a CVE for this yet, could one get assigned?

It was reported that Tor suffered from a denial of service
vulnerability due to an error when handling SENDME cells.  This could be
exploited to cause excessive consumption of memory resources within an
entry node.

This is fixed in upstream version 0.2.3.25.

References:

https://secunia.com/advisories/51329/
https://trac.torproject.org/projects/tor/ticket/6252
https://gitweb.torproject.org/arma/tor.git/commitdiff/b9b54568c0bb64c32bd0b362954bdbc8c1234b16
https://bugzilla.redhat.com/show_bug.cgi?id=880310
https://bugs.gentoo.org/show_bug.cgi?id=444804

Thanks.

--
Vincent Danen / Red Hat Security Response Team

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault