Vulnerability CVE-2016-1254


Published: 2017-12-05

Description:
Tor before 0.2.8.12 might allow remote attackers to cause a denial of service (client crash) via a crafted hidden service descriptor.

Type: CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer)

Vendor: Debian
Product: Debian linux 
Version: 9.0; 8.0;
Vendor: Opensuse project
Product: LEAP 
Version: 42.2; 42.1;
Product: Opensuse 
Version: 13.2;
Vendor: Opensuse
Product: LEAP 
Version: 42.2;
Product: Opensuse 
Version: 13.2;
Vendor: Fedoraproject
Product: Fedora 
Version: 25; 24;
Vendor: Torproject
Product: TOR 
Version:
0.2.8.9
0.2.8.8
0.2.8.7
0.2.8.6
0.2.8.5
0.2.8.4
0.2.8.3
0.2.8.2
0.2.8.11
0.2.8.10
0.2.8.1
0.2.7.8
0.2.7.7
0.2.7.6
0.2.7.5
0.2.7.4
0.2.7.3
0.2.7.2
0.2.7.1
0.2.6.9
0.2.6.8
0.2.6.7
0.2.6.6
0.2.6.5
0.2.6.4
0.2.6.3
0.2.6.2
0.2.6.12
0.2.6.11
0.2.6.10
0.2.6.1
0.2.5.9
0.2.5.8
0.2.5.7
0.2.5.6
0.2.5.5
0.2.5.4
0.2.5.3
0.2.5.2
0.2.5.14
0.2.5.13
0.2.5.12
0.2.5.11
0.2.5.10
0.2.5.1
0.2.4.9
0.2.4.8
0.2.4.7
0.2.4.6
0.2.4.5
0.2.4.4
0.2.4.3
0.2.4.29
0.2.4.28
0.2.4.27
0.2.4.26
0.2.4.25
0.2.4.24
0.2.4.23
0.2.4.22
0.2.4.21
0.2.4.20
0.2.4.2
0.2.4.19
0.2.4.18
0.2.4.17
0.2.4.16
0.2.4.15
0.2.4.14
0.2.4.13
0.2.4.12
0.2.4.11
0.2.4.10
0.2.4.1
0.2.3.9
0.2.3.8
0.2.3.7
0.2.3.6
0.2.3.5
0.2.3.4
0.2.3.3
0.2.3.25
0.2.3.24
0.2.3.23
0.2.3.22
0.2.3.21
0.2.3.20
0.2.3.2
0.2.3.19
0.2.3.18
0.2.3.17
See more versions on NVD

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVSS Base Score: 5/10
Impact Subscore: 2.9/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: Not required
Confidentiality impact: None
Integrity impact: None
Availability impact: Partial

 References:
http://lists.opensuse.org/opensuse-updates/2016-12/msg00154.html
http://lists.opensuse.org/opensuse-updates/2016-12/msg00155.html
https://blog.torproject.org/blog/tor-02812-released
https://gitweb.torproject.org/tor.git/commit/?id=d978216dea6b21ac38230a59d172139185a68dbd
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FXOJSMCTIOHLBRYFBVEL3CDLGPZXX6WE/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GTU2R253477RZLYAJAR5DAXAON7KIVLA/
https://trac.torproject.org/projects/tor/ticket/21018
https://www.debian.org/security/2016/dsa-3741

Related CVE
CVE-2019-12383
Tor Browser before 8.0.1 has an information exposure vulnerability. It allows remote attackers to detect the browser's UI locale by measuring a button width, even if the user has a "Don't send my language" setting.
CVE-2019-8955
In Tor before 0.3.3.12, 0.3.4.x before 0.3.4.11, 0.3.5.x before 0.3.5.8, and 0.4.x before 0.4.0.2-alpha, remote denial of service against Tor clients and relays can occur via memory exhaustion in the KIST cell scheduler.
CVE-2017-16639
Tor Browser on Windows before 8.0 allows remote attackers to bypass the intended anonymity feature and discover a client IP address, a different vulnerability than CVE-2017-16541. User interaction is required to trigger this vulnerability.
CVE-2016-9079
A use-after-free vulnerability in SVG Animation has been discovered. An exploit built on this vulnerability has been discovered in the wild targeting Firefox and Tor Browser users on Windows. This vulnerability affects Firefox < 50.0.2, Firefox ESR <...
CVE-2018-0490
An issue was discovered in Tor before 0.2.9.15, 0.3.1.x before 0.3.1.10, and 0.3.2.x before 0.3.2.10. The directory-authority protocol-list subprotocol implementation allows remote attackers to cause a denial of service (NULL pointer dereference and ...
CVE-2017-16541
Tor Browser before 7.0.9 on macOS and Linux allows remote attackers to bypass the intended anonymity feature and discover a client IP address via vectors involving a crafted web site that leverages file:// mishandling in Firefox, aka TorMoil. NOTE: T...
CVE-2017-0380
The rend_service_intro_established function in or/rendservice.c in Tor before 0.2.8.15, 0.2.9.x before 0.2.9.12, 0.3.0.x before 0.3.0.11, 0.3.1.x before 0.3.1.7, and 0.3.2.x before 0.3.2.1-alpha, when SafeLogging is disabled, allows attackers to obta...
CVE-2017-0377
Tor 0.3.x before 0.3.0.9 has a guard-selection algorithm that only considers the exit relay (not the exit relay's family), which might allow remote attackers to defeat intended anonymity properties by leveraging the existence of large families.

Copyright 2019, cxsecurity.com

 
