CVE-2007-4096 — Improper Restriction of Operations within the Bounds of a Memory Buffer in TOR

13 documents7 sources

Severity

5.8MEDIUMNVD

EPSS

1.1%

top 22.04%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Torproject TOR TOR

Timeline

PublishedJul 30

Latest updateMay 1

Description

Buffer overflow in Tor before 0.1.2.15, when using BSD natd support, allows remote attackers to cause a denial of service via unspecified vectors.

CVSS vector

AV:N/AC:M/C:P/I:N/A:PExploitability: 8.6 | Impact: 4.9

Affected Packages2 packages

▶Debiantorproject/tor< 0.1.2.15-1+3

▶NVDtor/tor15 versions+14

Patches

Patch: archives.seul.org ↗Patch: secunia.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-rmmw-wrwp-3vrq: Buffer overflow in Tor before 0↗2022-05-01

▶

CVEList

CVE-2007-4096: Buffer overflow in Tor before 0↗2007-07-30

▶

OSV

CVE-2007-4096: Buffer overflow in Tor before 0↗2007-07-30

▶

💥Exploits & PoCs

Exploit-DB

Apple QuickTime 7.2/7.3 - RTSP Buffer Overflow↗2010-01-06

▶

Exploit-DB

Radio istek scripti 2.5 - Remote Configuration Disclosure↗2009-11-25

▶

Exploit-DB

MiniWebsvr 0.0.9a - Remote Directory Traversal↗2008-03-03

▶

Exploit-DB

Apple QuickTime 7.2/7.3 - RTSP Response Remote Overwrite (SEH)↗2007-11-23

▶

Exploit-DB

Linux Kernel < 2.6.20.2 - 'IPv6_Getsockopt_Sticky' Memory Leak↗2007-07-10

▶

📋Vendor Advisories

Debian

CVE-2007-4096: tor - Buffer overflow in Tor before 0.1.2.15, when using BSD natd support, allows remo...↗2007

▶

💬Community

Bugzilla

CVE-2007-0958 core-dumping unreadable binaries via PT_INTERP↗2007-06-08

▶