rpm package
suse/tor&distro=SUSE Package Hub 12
pkg:rpm/suse/tor&distro=SUSE%20Package%20Hub%2012
Vulnerabilities (11)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2020-15572 | — | < 0.4.4.6-bp152.2.3.1 | 0.4.4.6-bp152.2.3.1 | Jul 15, 2020 | Tor before 0.4.3.6 has an out-of-bounds memory access that allows a remote denial-of-service (crash) attack against Tor instances built to use Mozilla Network Security Services (NSS), aka TROVE-2020-001. | ||
| CVE-2020-10593 | — | < 0.4.4.6-bp152.2.3.1 | 0.4.4.6-bp152.2.3.1 | Mar 23, 2020 | Tor before 0.3.5.10, 0.4.x before 0.4.1.9, and 0.4.2.x before 0.4.2.7 allows remote attackers to cause a Denial of Service (memory leak), aka TROVE-2020-004. This occurs in circpad_setup_machine_on_circ because a circuit-padding machine can be negotiated twice on the same circuit | ||
| CVE-2020-10592 | — | < 0.4.4.6-bp152.2.3.1 | 0.4.4.6-bp152.2.3.1 | Mar 23, 2020 | Tor before 0.3.5.10, 0.4.x before 0.4.1.9, and 0.4.2.x before 0.4.2.7 allows remote attackers to cause a Denial of Service (CPU consumption), aka TROVE-2020-002. | ||
| CVE-2019-8955 | — | < 0.3.4.11-bp150.3.6.1 | 0.3.4.11-bp150.3.6.1 | Feb 21, 2019 | In Tor before 0.3.3.12, 0.3.4.x before 0.3.4.11, 0.3.5.x before 0.3.5.8, and 0.4.x before 0.4.0.2-alpha, remote denial of service against Tor clients and relays can occur via memory exhaustion in the KIST cell scheduler. | ||
| CVE-2018-0491 | — | < 0.3.2.10-14.1 | 0.3.2.10-14.1 | Mar 5, 2018 | A use-after-free issue was discovered in Tor 0.3.2.x before 0.3.2.10. It allows remote attackers to cause a denial of service (relay crash) because the KIST implementation allows a channel to be added more than once in the pending list. | ||
| CVE-2018-0490 | — | < 0.3.2.10-14.1 | 0.3.2.10-14.1 | Mar 5, 2018 | An issue was discovered in Tor before 0.2.9.15, 0.3.1.x before 0.3.1.10, and 0.3.2.x before 0.3.2.10. The directory-authority protocol-list subprotocol implementation allows remote attackers to cause a denial of service (NULL pointer dereference and directory-authority crash) via | ||
| CVE-2017-8823 | Hig | 8.1 | < 0.3.1.9-8.1 | 0.3.1.9-8.1 | Dec 3, 2017 | In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, there is a use-after-free in onion service v2 during intro-point expiration because the expiring list is mismanaged in certain error cases, aka TRO | |
| CVE-2017-8822 | Low | 3.7 | < 0.3.1.9-8.1 | 0.3.1.9-8.1 | Dec 3, 2017 | In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, relays (that have incompletely downloaded descriptors) can pick themselves in a circuit path, leading to a degradation of anonymity, aka TROVE-2017 | |
| CVE-2017-8821 | Hig | 7.5 | < 0.3.1.9-8.1 | 0.3.1.9-8.1 | Dec 3, 2017 | In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, an attacker can cause a denial of service (application hang) via crafted PEM input that signifies a public key requiring a password, which triggers | |
| CVE-2017-8820 | Hig | 7.5 | < 0.3.1.9-8.1 | 0.3.1.9-8.1 | Dec 3, 2017 | In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, remote attackers can cause a denial of service (NULL pointer dereference and application crash) against directory authorities via a malformed descr | |
| CVE-2017-8819 | Hig | 7.5 | < 0.3.1.9-8.1 | 0.3.1.9-8.1 | Dec 3, 2017 | In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, the replay-cache protection mechanism is ineffective for v2 onion services, aka TROVE-2017-009. An attacker can send many INTRODUCE2 cells to trigg |
- CVE-2020-15572Jul 15, 2020affected < 0.4.4.6-bp152.2.3.1fixed 0.4.4.6-bp152.2.3.1
Tor before 0.4.3.6 has an out-of-bounds memory access that allows a remote denial-of-service (crash) attack against Tor instances built to use Mozilla Network Security Services (NSS), aka TROVE-2020-001.
- CVE-2020-10593Mar 23, 2020affected < 0.4.4.6-bp152.2.3.1fixed 0.4.4.6-bp152.2.3.1
Tor before 0.3.5.10, 0.4.x before 0.4.1.9, and 0.4.2.x before 0.4.2.7 allows remote attackers to cause a Denial of Service (memory leak), aka TROVE-2020-004. This occurs in circpad_setup_machine_on_circ because a circuit-padding machine can be negotiated twice on the same circuit
- CVE-2020-10592Mar 23, 2020affected < 0.4.4.6-bp152.2.3.1fixed 0.4.4.6-bp152.2.3.1
Tor before 0.3.5.10, 0.4.x before 0.4.1.9, and 0.4.2.x before 0.4.2.7 allows remote attackers to cause a Denial of Service (CPU consumption), aka TROVE-2020-002.
- CVE-2019-8955Feb 21, 2019affected < 0.3.4.11-bp150.3.6.1fixed 0.3.4.11-bp150.3.6.1
In Tor before 0.3.3.12, 0.3.4.x before 0.3.4.11, 0.3.5.x before 0.3.5.8, and 0.4.x before 0.4.0.2-alpha, remote denial of service against Tor clients and relays can occur via memory exhaustion in the KIST cell scheduler.
- CVE-2018-0491Mar 5, 2018affected < 0.3.2.10-14.1fixed 0.3.2.10-14.1
A use-after-free issue was discovered in Tor 0.3.2.x before 0.3.2.10. It allows remote attackers to cause a denial of service (relay crash) because the KIST implementation allows a channel to be added more than once in the pending list.
- CVE-2018-0490Mar 5, 2018affected < 0.3.2.10-14.1fixed 0.3.2.10-14.1
An issue was discovered in Tor before 0.2.9.15, 0.3.1.x before 0.3.1.10, and 0.3.2.x before 0.3.2.10. The directory-authority protocol-list subprotocol implementation allows remote attackers to cause a denial of service (NULL pointer dereference and directory-authority crash) via
- affected < 0.3.1.9-8.1fixed 0.3.1.9-8.1
In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, there is a use-after-free in onion service v2 during intro-point expiration because the expiring list is mismanaged in certain error cases, aka TRO
- affected < 0.3.1.9-8.1fixed 0.3.1.9-8.1
In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, relays (that have incompletely downloaded descriptors) can pick themselves in a circuit path, leading to a degradation of anonymity, aka TROVE-2017
- affected < 0.3.1.9-8.1fixed 0.3.1.9-8.1
In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, an attacker can cause a denial of service (application hang) via crafted PEM input that signifies a public key requiring a password, which triggers
- affected < 0.3.1.9-8.1fixed 0.3.1.9-8.1
In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, remote attackers can cause a denial of service (NULL pointer dereference and application crash) against directory authorities via a malformed descr
- affected < 0.3.1.9-8.1fixed 0.3.1.9-8.1
In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, the replay-cache protection mechanism is ineffective for v2 onion services, aka TROVE-2017-009. An attacker can send many INTRODUCE2 cells to trigg