CVE-2011-2778 — Improper Restriction of Operations within the Bounds of a Memory Buffer in TOR

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer7 documents6 sources

Severity

7.6HIGHNVD

EPSS

3.5%

top 12.36%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Torproject TOR TOR

Timeline

PublishedDec 23

Latest updateMay 17

Description

Multiple heap-based buffer overflows in Tor before 0.2.2.35 allow remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code by (1) establishing a SOCKS connection to SocksPort or (2) leveraging a SOCKS proxy configuration.

CVSS vector

AV:N/AC:H/C:C/I:C/A:CExploitability: 4.9 | Impact: 10.0

Affected Packages2 packages

▶Debiantorproject/tor< 0.2.2.35-1+3

▶NVDtor/tor0.2.2.34+205

Patches

Patch: blog.torproject.org ↗Patch: blog.torproject.org ↗

🔴Vulnerability Details

GHSA

GHSA-63gv-rq26-r5mp: Multiple heap-based buffer overflows in Tor before 0↗2022-05-17

▶

OSV

CVE-2011-2778: Multiple heap-based buffer overflows in Tor before 0↗2011-12-23

▶

CVEList

CVE-2011-2778: Multiple heap-based buffer overflows in Tor before 0↗2011-12-23

▶

📋Vendor Advisories

Debian

CVE-2011-2778: tor - Multiple heap-based buffer overflows in Tor before 0.2.2.35 allow remote attacke...↗2011

▶

💬Community

Bugzilla

CVE-2011-2778 CVE-2011-4897 tor various flaws [epel-5]↗2012-12-11

▶

Bugzilla

CVE-2011-2778 Tor heap-based buffer overflow↗2011-12-16

▶