Tor prior to 0.2.8.9 and 0.2.9.x prior to 0.2.9.4-alpha had internal functions that were entitled to expect that buf_t data had NUL termination, but the implementation of or/buffers.c did not ensure that NUL termination was present, which allows remote malicious users to cause a denial of service (client, hidden service, relay, or authority crash) via crafted data.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
torproject tor 0.2.9.3 |
||
torproject tor 0.2.9.0 |
||
torproject tor |
||
torproject tor 0.2.9.2 |
||
torproject tor 0.2.9.1 |