CVE-2009-2425 — Improper Input Validation in TOR

Severity

5.0MEDIUMNVD

EPSS

1.4%

top 19.68%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Timeline

PublishedJul 10

Latest updateMay 2

Description

Tor before 0.2.0.35 allows remote attackers to cause a denial of service (application crash) via a malformed router descriptor.

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

▶Debiantorproject/tor< 0.2.0.35-1+3

▶NVDtor/tor0.2.0.35

GHSA

GHSA-g9ch-j48j-jfg7: Tor before 0↗2022-05-02

▶

CVEList

CVE-2009-2425: Tor before 0↗2009-07-10

▶

OSV

CVE-2009-2425: Tor before 0↗2009-07-10

▶

Debian

CVE-2009-2425: tor - Tor before 0.2.0.35 allows remote attackers to cause a denial of service (applic...↗2009

▶