CVE-2015-2688 — Improper Handling of Exceptional Conditions in TOR

CWE-755 — Improper Handling of Exceptional Conditions6 documents6 sources

Severity

7.5HIGHNVD

EPSS

0.6%

top 31.44%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Torproject TOR THE TOR Project TOR

Timeline

PublishedJan 24

Latest updateMay 24

Description

buf_pullup in Tor before 0.2.4.26 and 0.2.5.x before 0.2.5.11 does not properly handle unexpected arrival times of buffers with invalid layouts, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via crafted packets.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

▶NVDtorproject/tor0.2.5.1 — 0.2.5.11+1

▶Debiantorproject/tor< 0.2.5.11-1+3

▶CVEListV5the_tor_project/tor0.2.5.x before 0.2.5.11, before 0.2.4.26+1

Patches

Patch: trac.torproject.org ↗Patch: trac.torproject.org ↗

🔴Vulnerability Details

GHSA

GHSA-9h72-qxgr-5j87: buf_pullup in Tor before 0↗2022-05-24

▶

CVEList

CVE-2015-2688: buf_pullup in Tor before 0↗2020-01-24

▶

OSV

CVE-2015-2688: buf_pullup in Tor before 0↗2020-01-24

▶

📋Vendor Advisories

Debian

CVE-2015-2688: tor - buf_pullup in Tor before 0.2.4.26 and 0.2.5.x before 0.2.5.11 does not properly ...↗2015

▶

💬Community

Bugzilla

CVE-2015-2688 CVE-2015-2689 tor: security fixes in 0.2.4.26 and 0.2.5.11↗2015-03-23

▶