Published: 03/12/2017 Updated: 21/12/2017

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

In Tor prior to 0.2.5.16, 0.2.6 up to and including 0.2.8 prior to 0.2.8.17, 0.2.9 prior to 0.2.9.14, 0.3.0 prior to 0.3.0.13, and 0.3.1 prior to 0.3.1.9, an attacker can cause a denial of service (application hang) via crafted PEM input that signifies a public key requiring a password, which triggers an attempt by the OpenSSL library to ask the user for the password, aka TROVE-2017-011.

Vulnerable Product	Search on Vulmon	Subscribe to Product
tor project tor
debian debian linux 8.0
debian debian linux 9.0

Multiple vulnerabilities have been found in Tor, a connection-based low-latency anonymous communication system For the oldstable distribution (jessie), these problems have been fixed in version 02516-1 For the stable distribution (stretch), these problems have been fixed in version 02914-1 We recommend that you upgrade your tor packages F ...

CWE-119 https://bugs.torproject.org/24246 https://blog.torproject.org/new-stable-tor-releases-security-fixes-0319-03013-02914-02817-02516 https://www.debian.org/security/2017/dsa-4054 https://nvd.nist.gov https://www.debian.org/security/./dsa-4054

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2017-8821

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect