Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5
CVSSv2

CVE-2017-0376

Published: 09/06/2017 Updated: 03/10/2019
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Subscribe to Tor

Vulnerability Summary

The hidden-service feature in Tor prior to 0.3.0.8 allows a denial of service (assertion failure and daemon exit) in the connection_edge_process_relay_cell function via a BEGIN_DIR cell on a rendezvous circuit.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

torproject tor

debian debian linux 9.0

debian debian linux 8.0

Vendor Advisories

Debian CVElist Bug Report Logs: tor onion services: remote assertion failure
Debian Bug report logs - #864424 tor onion services: remote assertion failure Package: tor; Maintainer for tor is Peter Palfrader <weasel@debianorg>; Source for tor is src:tor (PTS, buildd, popcon) Reported by: Peter Palfrader <weasel@debianorg> Date: Thu, 8 Jun 2017 13:21:01 UTC Severity: serious Tags: security ...
Debian Security Advisories: DSA-3877-1 tor -- security update
It has been discovered that Tor, a connection-based low-latency anonymous communication system, contain a flaw in the hidden service code when receiving a BEGIN_DIR cell on a hidden service rendezvous circuit A remote attacker can take advantage of this flaw to cause a hidden service to crash with an assertion failure (TROVE-2017-005) For the sta ...
Arch Linux Issues:
The hidden-service feature in Tor before 0308 allows a denial of service (assertion failure and daemon exit) in the connection_edge_process_relay_cell function via a BEGIN_DIR cell on a rendezvous circuit ...

Exploits

Exploit DB: Orion Elite Hidden IP Browser Pro 7.9 OpenSSL / Tor / Man-In-The-Middle
Orion Elite Hidden IP Browser Pro versions 10 through 79 have insecure versions of Tor and OpenSSL included and also suffer from man-in-the-middle vulnerabilities ...

References

CWE-617https://trac.torproject.org/projects/tor/ticket/22494https://lists.torproject.org/pipermail/tor-announce/2017-June/000131.htmlhttps://github.com/torproject/tor/commit/56a7c5bc15e0447203a491c1ee37de9939ad1dcdhttp://www.debian.org/security/2017/dsa-3877https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864424https://nvd.nist.govhttps://www.debian.org/security/./dsa-3877
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injectionfirmwareCVE-2006-4304CVE-2024-32878CVE-2024-31502XSSCVE-2024-3059CVE-2024-33692CVE-2024-3400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook