CVE-2012-4419: Reachable Assertion in TOR

8 documents, 6 sources
Severity: 5.0 MEDIUM (NVD)
EPSS: 1.6% (top 18.13%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Sep 14
Latest update: May 17

Description

The compare_tor_addr_to_addr_policy function in or/policies.c in Tor before 0.2.2.39, and 0.2.3.x before 0.2.3.21-rc, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a zero-valued port field that is not properly handled during policy comparison.

CVSS vector

AV:N/AC:L/C:N/I:N/A:P
Exploitability: 10.0 | Impact: 2.9

Affected Packages (2 packages)

[Debian] torproject/tor < 0.2.3.22-rc-1 +3
[NVD] torproject/tor 0.2.2.38 +79

🔴 Vulnerability Details (3)

[GHSA] GHSA-jghf-vwc6-g7gh: The compare_tor_addr_to_addr_policy function in or/policies (2022-05-17)
[OSV] CVE-2012-4419: The compare_tor_addr_to_addr_policy function in or/policies (2012-09-14)
[CVEList] CVE-2012-4419: The compare_tor_addr_to_addr_policy function in or/policies (2012-09-14)

📋 Vendor Advisories (1)

[Debian] CVE-2012-4419: tor - The compare_tor_addr_to_addr_policy function in or/policies.c in Tor before 0.2.... (2012)

💬 Community (3)

[Bugzilla] CVE-2012-4419 tor: assertion failure in tor_timegm() and assertion failure when comparing an address with port 0 to an address policy [epel-5] (2012-09-13)
[Bugzilla] CVE-2012-4419 CVE-2012-4922 tor: assertion failures in tor_timegm() and compare_tor_addr_to_addr_policy() (2012-09-13)
[Bugzilla] CVE-2012-4419 tor: assertion failure in tor_timegm() and assertion failure when comparing an address with port 0 to an address policy [fedora-all] (2012-09-13)
CVE-2012-4419 — Reachable Assertion in Torproject TOR | cvebase