Unrated severityNVD Advisory· Published Jul 15, 2020· Updated Aug 4, 2024
CVE-2020-15572
CVE-2020-15572
Description
Tor before 0.4.3.6 has an out-of-bounds memory access that allows a remote denial-of-service (crash) attack against Tor instances built to use Mozilla Network Security Services (NSS), aka TROVE-2020-001.
Affected products
7- Tor/Tordescription
- osv-coords6 versionspkg:rpm/opensuse/tor&distro=openSUSE%20Leap%2015.1pkg:rpm/opensuse/tor&distro=openSUSE%20Leap%2015.2pkg:rpm/opensuse/tor&distro=openSUSE%20Tumbleweedpkg:rpm/suse/tor&distro=SUSE%20Package%20Hub%2012pkg:rpm/suse/tor&distro=SUSE%20Package%20Hub%2015%20SP1pkg:rpm/suse/tor&distro=SUSE%20Package%20Hub%2015%20SP2
< 0.4.4.6-bp152.2.3.1+ 5 more
- (no CPE)range: < 0.4.4.6-bp152.2.3.1
- (no CPE)range: < 0.4.4.6-bp152.2.3.1
- (no CPE)range: < 0.4.6.7-2.2
- (no CPE)range: < 0.4.4.6-bp152.2.3.1
- (no CPE)range: < 0.4.4.6-bp152.2.3.1
- (no CPE)range: < 0.4.4.6-bp152.2.3.1
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
3- blog.torproject.org/new-release-tor-03511-0428-0436-security-fixesmitrex_refsource_CONFIRM
- gitlab.torproject.org/tpo/core/tor/-/issues/33119mitrex_refsource_MISC
- trac.torproject.org/projects/tor/wiki/TROVEmitrex_refsource_MISC
News mentions
0No linked articles in our index yet.