Published: 14/09/2012 Updated: 22/08/2013

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

The compare_tor_addr_to_addr_policy function in or/policies.c in Tor prior to 0.2.2.39, and 0.2.3.x prior to 0.2.3.21-rc, allows remote malicious users to cause a denial of service (assertion failure and daemon exit) via a zero-valued port field that is not properly handled during policy comparison.

Vulnerable Product	Search on Vulmon	Subscribe to Product
torproject tor 0.2.2.34
torproject tor 0.2.2.31
torproject tor 0.2.2.25
torproject tor 0.2.2.24
torproject tor 0.2.0.35
torproject tor 0.2.0.34
torproject tor 0.2.0.33
torproject tor 0.1.2.16
torproject tor 0.1.2.15
torproject tor 0.1.1.22
torproject tor 0.1.1.21
torproject tor 0.1.0.12
torproject tor 0.1.0.11
torproject tor 0.1.0.10
torproject tor 0.0.9.4
torproject tor 0.0.9.3
torproject tor 0.0.7
torproject tor 0.0.6.2
torproject tor 0.0.2
torproject tor 0.2.3.18
torproject tor 0.2.3.17
torproject tor
torproject tor 0.2.2.33
torproject tor 0.2.2.30
torproject tor 0.2.2.23
torproject tor 0.2.2.22
torproject tor 0.2.0.32
torproject tor 0.2.0.31
torproject tor 0.1.2.14
torproject tor 0.1.2.13
torproject tor 0.1.1.20
torproject tor 0.1.0.17
torproject tor 0.0.9.10
torproject tor 0.0.9.9
torproject tor 0.0.9.2
torproject tor 0.0.9.1
torproject tor 0.0.6.1
torproject tor 0.0.6
torproject tor 0.2.3.16
torproject tor 0.2.3.15
torproject tor 0.2.2.37
torproject tor 0.2.2.36
torproject tor 0.2.2.29
torproject tor 0.2.2.28
torproject tor 0.2.2.21
torproject tor 0.2.2.20
torproject tor 0.2.0.30
torproject tor 0.1.2.19
torproject tor 0.1.1.26
torproject tor 0.1.1.25
torproject tor 0.1.0.16
torproject tor 0.1.0.15
torproject tor 0.0.9.8
torproject tor 0.0.9.7
torproject tor 0.0.8.1
torproject tor 0.0.7.3
torproject tor 0.0.5
torproject tor 0.0.4
torproject tor 0.2.3.14
torproject tor 0.2.3.13
torproject tor 0.2.3
torproject tor 0.2.2.35
torproject tor 0.2.2.32
torproject tor 0.2.2.27
torproject tor 0.2.2.26
torproject tor 0.2.2.19
torproject tor 0.2.2.18
torproject tor 0.1.2.18
torproject tor 0.1.2.17
torproject tor 0.1.1.24
torproject tor 0.1.1.23
torproject tor 0.1.0.14
torproject tor 0.1.0.13
torproject tor 0.0.9.6
torproject tor 0.0.9.5
torproject tor 0.0.7.2
torproject tor 0.0.7.1
torproject tor 0.0.3
torproject tor 0.2.3.20
torproject tor 0.2.3.19

Several vulnerabilities have been discovered in Tor, an online privacy tool CVE-2012-3518 Avoid an uninitialised memory read when reading a vote or consensus document that has an unrecognized flavour name This could lead to a remote crash, resulting in denial of service CVE-2012-3519 Try to leak less information about what relays a clie ...

NVD-CWE-noinfo http://openwall.com/lists/oss-security/2012/09/13/2 https://trac.torproject.org/projects/tor/ticket/6690 https://gitweb.torproject.org/tor.git/commit/62d96284f7e0f81c40d5df7e53dd7b4dfe7e56a5 https://lists.torproject.org/pipermail/tor-talk/2012-September/025434.html https://gitweb.torproject.org/tor.git/blob/release-0.2.2:/ReleaseNotes http://lists.opensuse.org/opensuse-updates/2012-10/msg00005.html http://lists.fedoraproject.org/pipermail/package-announce/2012-September/088006.html http://secunia.com/advisories/50583 http://security.gentoo.org/glsa/glsa-201301-03.xml https://nvd.nist.gov https://www.debian.org/security/./dsa-2548

CVE-2012-4419

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect