High severity7.5NVD Advisory· Published Dec 5, 2017· Updated Jun 17, 2026
CVE-2016-1254
CVE-2016-1254
Description
Tor before 0.2.8.12 might allow remote attackers to cause a denial of service (client crash) via a crafted hidden service descriptor.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
10cpe:2.3:a:torproject:tor:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:torproject:tor:*:*:*:*:*:*:*:*range: <0.2.8.12
- (no CPE)range: <0.2.8.12
cpe:2.3:o:fedoraproject:fedora:24:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:fedoraproject:fedora:24:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:25:*:*:*:*:*:*:*
Patches
Vulnerability mechanics
References
8- gitweb.torproject.org/tor.git/commit/nvdPatchVendor Advisory
- lists.opensuse.org/opensuse-updates/2016-12/msg00154.htmlnvdThird Party Advisory
- lists.opensuse.org/opensuse-updates/2016-12/msg00155.htmlnvdThird Party Advisory
- blog.torproject.org/blog/tor-02812-releasednvdVendor Advisory
- trac.torproject.org/projects/tor/ticket/21018nvdIssue TrackingVendor Advisory
- www.debian.org/security/2016/dsa-3741nvdThird Party Advisory
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FXOJSMCTIOHLBRYFBVEL3CDLGPZXX6WE/nvd
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTU2R253477RZLYAJAR5DAXAON7KIVLA/nvd
News mentions
0No linked articles in our index yet.