Published: 04/01/2017 Updated: 01/07/2017

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Tor prior to 0.2.8.9 and 0.2.9.x prior to 0.2.9.4-alpha had internal functions that were entitled to expect that buf_t data had NUL termination, but the implementation of or/buffers.c did not ensure that NUL termination was present, which allows remote malicious users to cause a denial of service (client, hidden service, relay, or authority crash) via crafted data.

Vulnerable Product	Search on Vulmon	Subscribe to Product
torproject tor 0.2.9.3
torproject tor 0.2.9.0
torproject tor
torproject tor 0.2.9.2
torproject tor 0.2.9.1

It has been discovered that Tor treats the contents of some buffer chunks as if they were a NUL-terminated string This issue could enable a remote attacker to crash a Tor client, hidden service, relay, or authority For the stable distribution (jessie), this problem has been fixed in version 02512-3 For the unstable distribution (sid), this pr ...

CWE-119 https://trac.torproject.org/projects/tor/ticket/20384 https://github.com/torproject/tor/commit/3cea86eb2fbb65949673eb4ba8ebb695c87a57ce https://blog.torproject.org/blog/tor-0289-released-important-fixes http://openwall.com/lists/oss-security/2016/10/19/11 http://www.securityfocus.com/bid/95116 http://www.debian.org/security/2016/dsa-3694 https://security.gentoo.org/glsa/201612-45 https://nvd.nist.gov https://www.debian.org/security/./dsa-3694

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2016-8860

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect