Published: 05/03/2018 Updated: 26/03/2019

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 505

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

A use-after-free issue exists in Tor 0.3.2.x prior to 0.3.2.10. It allows remote malicious users to cause a denial of service (relay crash) because the KIST implementation allows a channel to be added more than once in the pending list.

Vulnerable Product	Search on Vulmon	Subscribe to Product
torproject tor

# Exploit Title: Tor Browser - Use After Free (PoC) # Date: 09072018 # Exploit Author: t4rkd3vilz # Vendor Homepage: wwwtorprojectorg/ # Software Link: wwwtorprojectorg/download/download-easyhtmlen # Version: Tor 032x before 03210 # Tested on: Kali Linux # CVE : CVE-2018-0491 #Run exploit, result DOS <!DOCTYPE h ...

Tor Browser versions 032x before 03210 suffer from a use-after-free vulnerability that can result in a denial of service condition ...

CWE-416 https://trac.torproject.org/projects/tor/ticket/25117 https://trac.torproject.org/projects/tor/ticket/24700 https://blog.torproject.org/new-stable-tor-releases-security-fixes-and-dos-prevention-03210-03110-02915 https://www.exploit-db.com/exploits/44994/https://nvd.nist.gov https://www.exploit-db.com/exploits/44994/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2018-0491

Vulnerability Summary

Vulnerability Trend

Exploits

References

Vulmon Search

About

Products

Connect