CVE-2015-2929Reachable Assertion in TOR

8 documents6 sources
Severity
7.5HIGHNVD
EPSS
0.5%
top 35.47%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Torproject TORTHE TOR Project TOR
Timeline
PublishedJan 24
Latest updateMay 24

Description

The Hidden Service (HS) client implementation in Tor before 0.2.4.27, 0.2.5.x before 0.2.5.12, and 0.2.6.x before 0.2.6.7 allows remote servers to cause a denial of service (assertion failure and application exit) via a malformed HS descriptor.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

NVDtorproject/tor0.2.5.10.2.5.12+2
Debiantorproject/tor< 0.2.5.12-1+3
CVEListV5the_tor_project/tor0.2.5.x before 0.2.5.12, 0.2.6.x before 0.2.6.7, before 0.2.4.27+2

🔴Vulnerability Details

3
GHSA
GHSA-f7jp-x5vp-978r: The Hidden Service (HS) client implementation in Tor before 02022-05-24
CVEList
CVE-2015-2929: The Hidden Service (HS) client implementation in Tor before 02020-01-24
OSV
CVE-2015-2929: The Hidden Service (HS) client implementation in Tor before 02020-01-24

📋Vendor Advisories

1
Debian
CVE-2015-2929: tor - The Hidden Service (HS) client implementation in Tor before 0.2.4.27, 0.2.5.x be...2015

💬Community

3
Bugzilla
CVE-2015-2928 CVE-2015-2929 tor: multiple issues fixed in the new upstream releases [epel-all]2015-04-08
Bugzilla
CVE-2015-2928 CVE-2015-2929 tor: multiple issues fixed in the new upstream releases2015-04-08
Bugzilla
CVE-2015-2928 CVE-2015-2929 tor: multiple issues fixed in the new upstream releases [fedora-all]2015-04-08
CVE-2015-2929 — Reachable Assertion in Torproject TOR | cvebase