Unrated severityNVD Advisory· Published Mar 5, 2018· Updated Aug 5, 2024

CVE-2018-0491

Description

A use-after-free issue was discovered in Tor 0.3.2.x before 0.3.2.10. It allows remote attackers to cause a denial of service (relay crash) because the KIST implementation allows a channel to be added more than once in the pending list.

Affected products

osv-coords2 versions
pkg:rpm/opensuse/tor&distro=openSUSE%20Tumbleweed pkg:rpm/suse/tor&distro=SUSE%20Package%20Hub%2012
< 0.4.6.7-2.2+ 1 more
- (no CPE)range: < 0.4.6.7-2.2
- (no CPE)range: < 0.3.2.10-14.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.exploit-db.com/exploits/44994/mitreexploitx_refsource_EXPLOIT-DB
blog.torproject.org/new-stable-tor-releases-security-fixes-and-dos-prevention-03210-03110-02915mitrex_refsource_CONFIRM
trac.torproject.org/projects/tor/ticket/24700mitrex_refsource_CONFIRM
trac.torproject.org/projects/tor/ticket/25117mitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.006
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000