Published: 03/12/2017 Updated: 21/12/2017

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

CVSS v3 Base Score: 8.1 | Impact Score: 5.9 | Exploitability Score: 2.2

VMScore: 605

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

In Tor prior to 0.2.5.16, 0.2.6 up to and including 0.2.8 prior to 0.2.8.17, 0.2.9 prior to 0.2.9.14, 0.3.0 prior to 0.3.0.13, and 0.3.1 prior to 0.3.1.9, there is a use-after-free in onion service v2 during intro-point expiration because the expiring list is mismanaged in certain error cases, aka TROVE-2017-013.

Vulnerable Product	Search on Vulmon	Subscribe to Product
tor project tor
debian debian linux 8.0
debian debian linux 9.0

Multiple vulnerabilities have been found in Tor, a connection-based low-latency anonymous communication system For the oldstable distribution (jessie), these problems have been fixed in version 02516-1 For the stable distribution (stretch), these problems have been fixed in version 02914-1 We recommend that you upgrade your tor packages F ...

A use-after-free vulnerability has been found in Tor before 0319, leading to a crash of v2 Tor onion services when they failed to open circuits while expiring introduction points ...

CWE-416 https://bugs.torproject.org/24430 https://bugs.torproject.org/24313 https://blog.torproject.org/new-stable-tor-releases-security-fixes-0319-03013-02914-02817-02516 https://www.debian.org/security/2017/dsa-4054 https://nvd.nist.gov https://www.debian.org/security/./dsa-4054

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2017-8823

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect