CVE-2012-3518Improper Restriction of Operations within the Bounds of a Memory Buffer in TOR

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer5 documents5 sources
Severity
5.0MEDIUMNVD
EPSS
1.5%
top 19.11%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Torproject TORTOR
Timeline
PublishedAug 26
Latest updateMay 17

Description

The networkstatus_parse_vote_from_string function in routerparse.c in Tor before 0.2.2.38 does not properly handle an invalid flavor name, which allows remote attackers to cause a denial of service (out-of-bounds read and daemon crash) via a crafted (1) vote document or (2) consensus document.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

Debiantorproject/tor< 0.2.3.20-rc-1+3
NVDtor/tor0.2.2.37

🔴Vulnerability Details

3
GHSA
GHSA-qcx3-c5rp-cj34: The networkstatus_parse_vote_from_string function in routerparse2022-05-17
OSV
CVE-2012-3518: The networkstatus_parse_vote_from_string function in routerparse2012-08-26
CVEList
CVE-2012-3518: The networkstatus_parse_vote_from_string function in routerparse2012-08-26

📋Vendor Advisories

1
Debian
CVE-2012-3518: tor - The networkstatus_parse_vote_from_string function in routerparse.c in Tor before...2012
CVE-2012-3518 — TOR vulnerability | cvebase