Published: 09/06/2017 Updated: 03/10/2019

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

The hidden-service feature in Tor prior to 0.3.0.8 allows a denial of service (assertion failure and daemon exit) in the relay_send_end_cell_from_edge_ function via a malformed BEGIN cell.

Vulnerable Product	Search on Vulmon	Subscribe to Product
torproject tor

Debian Bug report logs - #864424 tor onion services: remote assertion failure Package: tor; Maintainer for tor is Peter Palfrader <weasel@debianorg>; Source for tor is src:tor (PTS, buildd, popcon) Reported by: Peter Palfrader <weasel@debianorg> Date: Thu, 8 Jun 2017 13:21:01 UTC Severity: serious Tags: security ...

The hidden-service feature in Tor before 0308 allows a denial of service (assertion failure and daemon exit) in the relay_send_end_cell_from_edge_ function via a malformed BEGIN cell ...

Orion Elite Hidden IP Browser Pro versions 10 through 79 have insecure versions of Tor and OpenSSL included and also suffer from man-in-the-middle vulnerabilities ...

CWE-617 https://trac.torproject.org/projects/tor/ticket/22493 https://lists.torproject.org/pipermail/tor-announce/2017-June/000131.html https://github.com/torproject/tor/commit/79b59a2dfcb68897ee89d98587d09e55f07e68d7 http://www.securityfocus.com/bid/99017 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864424 https://nvd.nist.gov

CVE-2017-0375

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Exploits

References

Vulmon Search

About

Products

Connect