Unrated severityNVD Advisory· Published Mar 23, 2020· Updated Aug 4, 2024
CVE-2020-10593
CVE-2020-10593
Description
Tor before 0.3.5.10, 0.4.x before 0.4.1.9, and 0.4.2.x before 0.4.2.7 allows remote attackers to cause a Denial of Service (memory leak), aka TROVE-2020-004. This occurs in circpad_setup_machine_on_circ because a circuit-padding machine can be negotiated twice on the same circuit.
Affected products
7- Tor/Tordescription
- osv-coords6 versionspkg:rpm/opensuse/tor&distro=openSUSE%20Leap%2015.1pkg:rpm/opensuse/tor&distro=openSUSE%20Leap%2015.2pkg:rpm/opensuse/tor&distro=openSUSE%20Tumbleweedpkg:rpm/suse/tor&distro=SUSE%20Package%20Hub%2012pkg:rpm/suse/tor&distro=SUSE%20Package%20Hub%2015%20SP1pkg:rpm/suse/tor&distro=SUSE%20Package%20Hub%2015%20SP2
< 0.3.5.10-lp151.2.3.1+ 5 more
- (no CPE)range: < 0.3.5.10-lp151.2.3.1
- (no CPE)range: < 0.4.4.6-bp152.2.3.1
- (no CPE)range: < 0.4.6.7-2.2
- (no CPE)range: < 0.4.4.6-bp152.2.3.1
- (no CPE)range: < 0.4.4.6-bp152.2.3.1
- (no CPE)range: < 0.4.4.6-bp152.2.3.1
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
4- lists.opensuse.org/opensuse-security-announce/2020-03/msg00045.htmlmitrevendor-advisoryx_refsource_SUSE
- lists.opensuse.org/opensuse-security-announce/2020-03/msg00052.htmlmitrevendor-advisoryx_refsource_SUSE
- security.gentoo.org/glsa/202003-50mitrevendor-advisoryx_refsource_GENTOO
- trac.torproject.org/projects/tor/ticket/33619mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.