Tor

by Torproject

CVEs (42)

  • CVE-2015-2929 (Jan 24, 2020)
    risk 0.00 cvss epss 0.01

    The Hidden Service (HS) client implementation in Tor before 0.2.4.27, 0.2.5.x before 0.2.5.12, and 0.2.6.x before 0.2.6.7 allows remote servers to cause a denial of service (assertion failure and application exit) via a malformed HS descriptor.

  • CVE-2015-2928 (Jan 24, 2020)
    risk 0.00 cvss epss 0.01

    The Hidden Service (HS) server implementation in Tor before 0.2.4.27, 0.2.5.x before 0.2.5.12, and 0.2.6.x before 0.2.6.7 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors.

  • CVE-2019-8955 (Feb 21, 2019)
    risk 0.00 cvss epss 0.05

    In Tor before 0.3.3.12, 0.3.4.x before 0.3.4.11, 0.3.5.x before 0.3.5.8, and 0.4.x before 0.4.0.2-alpha, remote denial of service against Tor clients and relays can occur via memory exhaustion in the KIST cell scheduler.

  • CVE-2014-5117 (Jul 30, 2014)
    risk 0.00 cvss epss 0.02

    Tor before 0.2.4.23 and 0.2.5 before 0.2.5.6-alpha maintains a circuit after an inbound RELAY_EARLY cell is received by a client, which makes it easier for remote attackers to conduct traffic-confirmation attacks by using the pattern of RELAY and RELAY_EARLY cells as a means of…

  • CVE-2012-2250 (Feb 3, 2014)
    risk 0.00 cvss epss 0.01

    Tor before 0.2.3.24-rc allows remote attackers to cause a denial of service (assertion failure and daemon exit) by performing link protocol negotiation incorrectly.

  • CVE-2012-2249 (Feb 3, 2014)
    risk 0.00 cvss epss 0.01

    Tor before 0.2.3.23-rc allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a renegotiation attempt that occurs after the initiation of the V3 link protocol.

  • CVE-2013-7295 (Jan 17, 2014)
    risk 0.00 cvss epss 0.02

    Tor before 0.2.4.20, when OpenSSL 1.x is used in conjunction with a certain HardwareAccel setting on Intel Sandy Bridge and Ivy Bridge platforms, does not properly generate random numbers for (1) relay identity keys and (2) hidden-service identity keys, which might make it…

  • CVE-2012-5573 (Jan 1, 2013)
    risk 0.00 cvss epss 0.03

    The connection_edge_process_relay_cell function in or/relay.c in Tor before 0.2.3.25 maintains circuits even if an unexpected SENDME cell arrives, which might allow remote attackers to cause a denial of service (memory consumption or excessive cell reception rate) or bypass…

  • CVE-2012-4922 (Sep 14, 2012)
    risk 0.00 cvss epss 0.02

    The tor_timegm function in common/util.c in Tor before 0.2.2.39, and 0.2.3.x before 0.2.3.22-rc, does not properly validate time values, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a malformed directory object, a different…

  • CVE-2012-4419 (Sep 14, 2012)
    risk 0.00 cvss epss 0.02

    The compare_tor_addr_to_addr_policy function in or/policies.c in Tor before 0.2.2.39, and 0.2.3.x before 0.2.3.21-rc, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a zero-valued port field that is not properly handled during policy…

  • CVE-2011-1924 (Jun 14, 2011)
    risk 0.00 cvss epss 0.03

    Buffer overflow in the policy_summarize function in or/policies.c in Tor before 0.2.1.30 allows remote attackers to cause a denial of service (directory authority crash) via a crafted policy that triggers creation of a long port list.

  • CVE-2011-0016 (Jan 19, 2011)
    risk 0.00 cvss epss 0.00

    Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha does not properly manage key data in memory, which might allow local users to obtain sensitive information by leveraging the ability to read memory that was previously used by a different process.

  • CVE-2009-0939 (Mar 18, 2009)
    risk 0.00 cvss epss 0.02

    Tor before 0.2.0.34 treats incomplete IPv4 addresses as valid, which has unknown impact and attack vectors related to "Spec conformance," as demonstrated using 192.168.0.

  • CVE-2009-0938 (Mar 18, 2009)
    risk 0.00 cvss epss 0.02

    Unspecified vulnerability in Tor before 0.2.0.34 allows directory mirrors to cause a denial of service (exit node crash) via "malformed input."

  • CVE-2009-0937 (Mar 18, 2009)
    risk 0.00 cvss epss 0.02

    Unspecified vulnerability in Tor before 0.2.0.34 allows directory mirrors to cause a denial of service via unknown vectors.

  • CVE-2009-0936 (Mar 18, 2009)
    risk 0.00 cvss epss 0.02

    Unspecified vulnerability in Tor before 0.2.0.34 allows attackers to cause a denial of service (infinite loop) via "corrupt votes."

  • CVE-2009-0654 (Feb 20, 2009)
    risk 0.00 cvss epss 0.02

    Tor 0.2.0.28, and probably 0.2.0.34 and earlier, allows remote attackers, with control of an entry router and an exit router, to confirm that a sender and receiver are communicating via vectors involving (1) replaying, (2) modifying, (3) inserting, or (4) deleting a single cell,…

  • CVE-2009-0414 (Feb 3, 2009)
    risk 0.00 cvss epss 0.03

    Unspecified vulnerability in Tor before 0.2.0.33 has unspecified impact and remote attack vectors that trigger heap corruption.

  • CVE-2008-5398 (Dec 9, 2008)
    risk 0.00 cvss epss 0.02

    Tor before 0.2.0.32 does not properly process the ClientDNSRejectInternalAddresses configuration option in situations where an exit relay issues a policy-based refusal of a stream, which allows remote exit relays to have an unknown impact by mapping an internal IP address to the…

  • CVE-2008-5397 (Dec 9, 2008)
    risk 0.00 cvss epss 0.00

    Tor before 0.2.0.32 does not properly process the (1) User and (2) Group configuration options, which might allow local users to gain privileges by leveraging unintended supplementary group memberships of the Tor process.