CVE-2012-3517 — TOR vulnerability

CWE-39912 documents7 sources

Severity

5.0MEDIUMNVD

EPSS

1.5%

top 19.11%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Torproject TOR TOR

Timeline

PublishedAug 26

Latest updateMay 17

Description

Use-after-free vulnerability in dns.c in Tor before 0.2.2.38 might allow remote attackers to cause a denial of service (daemon crash) via vectors related to failed DNS requests.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

▶Debiantorproject/tor< 0.2.3.20-rc-1+3

▶NVDtor/tor0.2.2.37

Patches

Patch: trac.torproject.org ↗Patch: trac.torproject.org ↗

🔴Vulnerability Details

GHSA

GHSA-pww9-9prw-24pv: Use-after-free vulnerability in dns↗2022-05-17

▶

CVEList

CVE-2012-3517: Use-after-free vulnerability in dns↗2012-08-26

▶

OSV

CVE-2012-3517: Use-after-free vulnerability in dns↗2012-08-26

▶

📋Vendor Advisories

Red Hat

OpenSSO: Unspecified vulnerability allows remote attackers to affect integrity via unknown vectors↗2012-01-18

▶

Debian

CVE-2012-3517: tor - Use-after-free vulnerability in dns.c in Tor before 0.2.2.38 might allow remote ...↗2012

▶

Red Hat

OpenSSO: unspecified vulnerability in the authentication component↗2011-10-18

▶

Red Hat

OpenSSO: unspecified vulnerability in the authentication component↗2011-10-18

▶

💬Community

Bugzilla

CVE-2012-3517 tor: Read from freed memory and double free by processing failed DNS request↗2012-08-21

▶

Bugzilla

CVE-2012-0079 OpenSSO: Unspecified vulnerability allows remote attackers to affect integrity via unknown vectors↗2012-01-23

▶

Bugzilla

CVE-2011-3517 Oracle OpenSSO: unspecified vulnerability in the authentication component↗2011-10-26

▶

Bugzilla

CVE-2011-3506 Oracle OpenSSO: unspecified vulnerability in the authentication component↗2011-10-26

▶