CVE-2012-3518
published 2012-08-26CVE-2012-3518: The networkstatus_parse_vote_from_string function in routerparse.c in Tor before 0.2.2.38 does not properly handle an invalid flavor name, which allows remote…
medium5CVSS 3.1
AVNACLAuNCNINAP
The networkstatus_parse_vote_from_string function in routerparse.c in Tor before 0.2.2.38 does not properly handle an invalid flavor name, which allows remote attackers to cause a denial of service (out-of-bounds read and daemon crash) via a crafted (1) vote document or (2) consensus document.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | tor | < tor 0.2.3.20-rc-1 (bookworm) | tor 0.2.3.20-rc-1 (bookworm) |
| tor | tor | <= 0.2.2.37 | — |
| torproject | tor | >= 0 < 0.2.3.20-rc-1 | 0.2.3.20-rc-1 |
| torproject | tor | >= 0 < 0.2.3.20-rc-1 | 0.2.3.20-rc-1 |
| torproject | tor | >= 0 < 0.2.3.20-rc-1 | 0.2.3.20-rc-1 |
| torproject | tor | >= 0 < 0.2.3.20-rc-1 | 0.2.3.20-rc-1 |
CVSS provenance
nvd5.0MEDIUMAV:N/AC:L/Au:N/C:N/I:N/A:P
osv5.0MEDIUM