rpm package

suse/tor&distro=SUSE Package Hub 15 SP1

pkg:rpm/suse/tor&distro=SUSE%20Package%20Hub%2015%20SP1

Vulnerabilities (3)

CVE	CVSS	Affected versions	Fixed in	Published	Description
CVE-2020-15572	—	< 0.4.4.6-bp152.2.3.1	0.4.4.6-bp152.2.3.1	Jul 15, 2020	Tor before 0.4.3.6 has an out-of-bounds memory access that allows a remote denial-of-service (crash) attack against Tor instances built to use Mozilla Network Security Services (NSS), aka TROVE-2020-001.
CVE-2020-10593	—	< 0.4.4.6-bp152.2.3.1	0.4.4.6-bp152.2.3.1	Mar 23, 2020	Tor before 0.3.5.10, 0.4.x before 0.4.1.9, and 0.4.2.x before 0.4.2.7 allows remote attackers to cause a Denial of Service (memory leak), aka TROVE-2020-004. This occurs in circpad_setup_machine_on_circ because a circuit-padding machine can be negotiated twice on the same circuit
CVE-2020-10592	—	< 0.4.4.6-bp152.2.3.1	0.4.4.6-bp152.2.3.1	Mar 23, 2020	Tor before 0.3.5.10, 0.4.x before 0.4.1.9, and 0.4.2.x before 0.4.2.7 allows remote attackers to cause a Denial of Service (CPU consumption), aka TROVE-2020-002.

CVE-2020-15572Jul 15, 2020
affected < 0.4.4.6-bp152.2.3.1fixed 0.4.4.6-bp152.2.3.1
Tor before 0.4.3.6 has an out-of-bounds memory access that allows a remote denial-of-service (crash) attack against Tor instances built to use Mozilla Network Security Services (NSS), aka TROVE-2020-001.
CVE-2020-10593Mar 23, 2020
affected < 0.4.4.6-bp152.2.3.1fixed 0.4.4.6-bp152.2.3.1
Tor before 0.3.5.10, 0.4.x before 0.4.1.9, and 0.4.2.x before 0.4.2.7 allows remote attackers to cause a Denial of Service (memory leak), aka TROVE-2020-004. This occurs in circpad_setup_machine_on_circ because a circuit-padding machine can be negotiated twice on the same circuit
CVE-2020-10592Mar 23, 2020
affected < 0.4.4.6-bp152.2.3.1fixed 0.4.4.6-bp152.2.3.1
Tor before 0.3.5.10, 0.4.x before 0.4.1.9, and 0.4.2.x before 0.4.2.7 allows remote attackers to cause a Denial of Service (CPU consumption), aka TROVE-2020-002.