Unrated severityOSV Advisory· Published Feb 21, 2019· Updated Aug 4, 2024

CVE-2019-8955

Description

In Tor before 0.3.3.12, 0.3.4.x before 0.3.4.11, 0.3.5.x before 0.3.5.8, and 0.4.x before 0.4.0.2-alpha, remote denial of service against Tor clients and relays can occur via memory exhaustion in the KIST cell scheduler.

Affected products

Torproject/TorOSV
Range: debian-version-0.0.1+0.0.2pre19-1, debian-version-0.0.1+0.0.2pre20-1, debian-version-0.0.1+0.0.2pre20-2, …
osv-coords4 versions
pkg:rpm/opensuse/tor&distro=openSUSE%20Leap%2015.0 pkg:rpm/opensuse/tor&distro=openSUSE%20Tumbleweed pkg:rpm/suse/tor&distro=SUSE%20Package%20Hub%2012 pkg:rpm/suse/tor&distro=SUSE%20Package%20Hub%2015
< 0.3.4.11-bp150.3.6.1+ 3 more
- (no CPE)range: < 0.3.4.11-bp150.3.6.1
- (no CPE)range: < 0.4.6.7-2.2
- (no CPE)range: < 0.3.4.11-bp150.3.6.1
- (no CPE)range: < 0.3.4.11-bp150.3.6.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

lists.opensuse.org/opensuse-security-announce/2019-04/msg00013.htmlmitrevendor-advisoryx_refsource_SUSE
www.securityfocus.com/bid/107136mitrevdb-entryx_refsource_BID
blog.torproject.org/new-releases-tor-0402-alpha-0358-03411-and-03312mitrex_refsource_MISC
trac.torproject.org/projects/tor/ticket/29168mitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.002
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000