CVE-2012-3517: Use-after-free vulnerability in dns.c in Tor before 0.2.2.38 might allow remote attackers to cause a denial of service (daemon crash) via vectors related to…

medium5CVSS 3.1

AVNACLAuNCNINAP

Use-after-free vulnerability in dns.c in Tor before 0.2.2.38 might allow remote attackers to cause a denial of service (daemon crash) via vectors related to failed DNS requests.

Affected

6 ranges

Vendor	Product	Version range	Fixed in
debian	tor	< tor 0.2.3.20-rc-1 (bookworm)	tor 0.2.3.20-rc-1 (bookworm)
tor	tor	<= 0.2.2.37	—
torproject	tor	>= 0 < 0.2.3.20-rc-1	0.2.3.20-rc-1
torproject	tor	>= 0 < 0.2.3.20-rc-1	0.2.3.20-rc-1
torproject	tor	>= 0 < 0.2.3.20-rc-1	0.2.3.20-rc-1
torproject	tor	>= 0 < 0.2.3.20-rc-1	0.2.3.20-rc-1

CVSS provenance

nvd5.0MEDIUMAV:N/AC:L/Au:N/C:N/I:N/A:P

osv5.0MEDIUM