High severity7.5NVD Advisory· Published Jul 15, 2020· Updated Jun 17, 2026
CVE-2020-15572
CVE-2020-15572
Description
Tor before 0.4.3.6 has an out-of-bounds memory access that allows a remote denial-of-service (crash) attack against Tor instances built to use Mozilla Network Security Services (NSS), aka TROVE-2020-001.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
9- Tor/Tordescription
- Range: <0.4.3.6
- Range: unspecified
- osv-coords6 versionspkg:rpm/opensuse/tor&distro=openSUSE%20Leap%2015.1pkg:rpm/opensuse/tor&distro=openSUSE%20Leap%2015.2pkg:rpm/opensuse/tor&distro=openSUSE%20Tumbleweedpkg:rpm/suse/tor&distro=SUSE%20Package%20Hub%2012pkg:rpm/suse/tor&distro=SUSE%20Package%20Hub%2015%20SP1pkg:rpm/suse/tor&distro=SUSE%20Package%20Hub%2015%20SP2
< 0.4.4.6-bp152.2.3.1+ 5 more
- (no CPE)range: < 0.4.4.6-bp152.2.3.1
- (no CPE)range: < 0.4.4.6-bp152.2.3.1
- (no CPE)range: < 0.4.6.7-2.2
- (no CPE)range: < 0.4.4.6-bp152.2.3.1
- (no CPE)range: < 0.4.4.6-bp152.2.3.1
- (no CPE)range: < 0.4.4.6-bp152.2.3.1
Patches
Vulnerability mechanics
References
3- blog.torproject.org/new-release-tor-03511-0428-0436-security-fixesnvdRelease NotesVendor Advisory
- gitlab.torproject.org/tpo/core/tor/-/issues/33119nvdVendor Advisory
- trac.torproject.org/projects/tor/wiki/TROVEnvdVendor Advisory
News mentions
0No linked articles in our index yet.