Published: 29/06/2021 Updated: 20/09/2021

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

An issue exists in Tor prior to 0.4.6.5, aka TROVE-2021-006. The v3 onion service descriptor parsing allows out-of-bounds memory access, and a client crash, via a crafted onion service descriptor

Vulnerable Product	Search on Vulmon	Subscribe to Product
torproject tor

Debian Bug report logs - #990000 tor: CVE-2021-34548 CVE-2021-34549 CVE-2021-34550 Package: src:tor; Maintainer for src:tor is Peter Palfrader <weasel@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 17 Jun 2021 13:57:02 UTC Severity: important Tags: security, upstream Found in version t ...

Multiple security vulnerabilities were discovered in Tor, a connection-based low-latency anonymous communication system, which could result in denial of service or spoofing For the stable distribution (buster), these problems have been fixed in version 03515-1 We recommend that you upgrade your tor packages For the detailed security status of ...

A security issue has been found in Tor before version 0459 An out-of-bounds memory access in the v3 onion service descriptor parsing could be exploited by crafting an onion service descriptor that would crash any client that tried to visit it ...

CWE-119 https://gitlab.torproject.org/tpo/core/tor/-/issues/40392 https://blog.torproject.org/node/2041 https://security.gentoo.org/glsa/202107-25 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990000 https://nvd.nist.gov https://www.debian.org/security/2021/dsa-4932

CVE-2021-34550

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect