CVE-2010-1676

Published: 22/12/2010 Updated: 22/01/2011

CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10

VMScore: 890

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Heap-based buffer overflow in Tor prior to 0.2.1.28 and 0.2.2.x prior to 0.2.2.20-alpha allows remote malicious users to cause a denial of service (daemon crash) or possibly execute arbitrary code via unspecified vectors.

Vulnerable Product	Search on Vulmon	Subscribe to Product
tor tor 0.1.1.1 alpha
tor tor 0.2.1.1.14
tor tor 0.2.2.17
tor tor 0.1.1.6
tor tor 0.1.1.9
tor tor 0.0.6.2
tor tor 0.2.1.1.12
tor tor 0.1.2.1 alpha-cvs
tor tor 0.1.0.18
tor tor 0.2.2.8
tor tor 0.0.2 pre24
tor tor 0.2.1.1.16
tor tor 0.0.2 pre16
tor tor 0.2.2.5
tor tor 0.1.1.23
tor tor 0.0.5
tor tor 0.1.0.7
tor tor 0.0.9.8
tor tor 0.0.9.10
tor tor 0.1.1.19
tor tor 0.1.2.18
tor tor 0.0.9.2
tor tor 0.1.2.10
tor tor 0.2.2.11
tor tor 0.0.7
tor tor 0.1.0.10
tor tor 0.1.2.9
tor tor 0.0.9
tor tor 0.1.0.8
tor tor 0.2.1.1.18
tor tor 0.2.1.1.17
tor tor 0.0.9.5
tor tor 0.1.0.12
tor tor 0.0.9.3
tor tor 0.1.2.5
tor tor 0.1.2.16
tor tor 0.0.2 pre17
tor tor 0.1.1.26
tor tor 0.0.8
tor tor 0.2.2.1
tor tor 0.0.9.9
tor tor 0.1.1.3 alpha
tor tor 0.1.1.17
tor tor 0.1.0.5
tor tor 0.1.2.14
tor tor 0.1.0.2
tor tor 0.1.0.1
tor tor 0.2.1.1.24
tor tor 0.2.1.1.25
tor tor 0.1.1.2
tor tor 0.0.2 pre19
tor tor 0.0.2 pre23
tor tor 0.1.1.8
tor tor 0.0.2 pre14
tor tor 0.1.1.5
tor tor 0.1.0.13
tor tor 0.1.0.19
tor tor 0.2.2.6
tor tor 0.2.2.14
tor tor 0.2.2.12
tor tor 0.1.0.3
tor tor 0.0.7.1
tor tor 0.0.6
tor tor 0.1.1.10 alpha
tor tor 0.0.2 pre26
tor tor 0.1.0.14
tor tor 0.1.1.12
tor tor 0.1.1.16
tor tor 0.0.3
tor tor 0.1.1.18
tor tor 0.0.9.4
tor tor 0.1.1.15
tor tor 0.1.1.4 alpha
tor tor 0.1.1.21
tor tor 0.0.2 pre22
tor tor 0.0.2 pre21
tor tor 0.1.2.4
tor tor 0.1.2.11
tor tor 0.2.2.19
tor tor 0.1.0.15
tor tor 0.1.2.19
tor tor 0.1.2.7
tor tor 0.0.6.1
tor tor 0.2.1.1.19
tor tor 0.2.1.1.13
tor tor 0.0.2
tor tor 0.2.2.3
tor tor 0.1.1.14
tor tor 0.2.2.2
tor tor 0.1.0.6
tor tor 0.2.1.1.22
tor tor 0.1.1.3
tor tor 0.2.1.1.21
tor tor 0.2.2.10
tor tor 0.1.1.7 alpha
tor tor 0.0.2 pre13
tor tor 0.1.1.6 alpha
tor tor 0.1.0.9
tor tor 0.1.1
tor tor 0.1.1.22
tor tor 0.1.2.2
tor tor 0.0.7.3
tor tor 0.0.7.2
tor tor 0.1.2.13
tor tor 0.1.1.2 alpha
tor tor 0.1.1.1
tor tor 0.1.0.16
tor tor 0.2.2.16
tor tor 0.0.9.1
tor tor 0.1.1.10
tor tor 0.2.2.4
tor tor 0.2.2.13
tor tor 0.0.2 pre18
tor tor 0.2.2.7
tor tor 0.0.2 pre27
tor tor 0.0.9.7
tor tor 0.1.1.20
tor tor 0.1.0.17
tor tor 0.1.1.7
tor tor 0.0.8.1
tor tor 0.0.4
tor tor 0.0.2 pre25
tor tor 0.2.1.1.26
tor tor 0.2.1.1.23
tor tor 0.2.1.1.20
tor tor 0.2.2.18
tor tor 0.1.1.25
tor tor 0.1.0.4
tor tor 0.0.9.6
tor tor 0.2.2.9
tor tor 0.1.1.13
tor tor 0.1.1.8 alpha
tor tor 0.2.1.1.15
tor tor 0.2.2.15
tor tor 0.1.2.30
tor tor 0.1.1.9 alpha
tor tor
tor tor 0.1.1.5 alpha
tor tor 0.1.0.11
tor tor 0.1.1.11
tor tor 0.0.2 pre15
tor tor 0.0.2 pre20
tor tor 0.1.2.12
tor tor 0.1.1.4

Willem Pinckaers discovered that Tor, a tool to enable online anonymity, does not correctly handle all data read from the network By supplying specially crafted packets a remote attacker can cause Tor to overflow its heap, crashing the process Arbitrary code execution has not been confirmed but there is a potential risk In the stable distributio ...

CWE-119 http://archives.seul.org/or/announce/Dec-2010/msg00000.html http://blog.torproject.org/blog/tor-02128-released-security-patches http://blog.torproject.org/blog/tor-02220-alpha-out-security-patches http://www.vupen.com/english/advisories/2010/3290 http://secunia.com/advisories/42536 http://www.securityfocus.com/bid/45500 https://gitweb.torproject.org/tor.git/blob/release-0.2.1:/ChangeLog http://securitytracker.com/id?1024910 http://www.debian.org/security/2010/dsa-2136 http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052657.html http://secunia.com/advisories/42667 http://secunia.com/advisories/42783 http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052690.html http://www.vupen.com/english/advisories/2011/0114 http://secunia.com/advisories/42916 http://security.gentoo.org/glsa/glsa-201101-02.xml https://nvd.nist.gov https://www.debian.org/security/./dsa-2136

Get Started

CVE-2010-1676

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect