cbcvebase.
CVE-2015-2929
published 2020-01-24

CVE-2015-2929: The Hidden Service (HS) client implementation in Tor before 0.2.4.27, 0.2.5.x before 0.2.5.12, and 0.2.6.x before 0.2.6.7 allows remote servers to cause a…

high7.5CVSS 3.1
AVNACLPRNUINSUCNINAH
The Hidden Service (HS) client implementation in Tor before 0.2.4.27, 0.2.5.x before 0.2.5.12, and 0.2.6.x before 0.2.6.7 allows remote servers to cause a denial of service (assertion failure and application exit) via a malformed HS descriptor.

Affected

11 ranges
VendorProductVersion rangeFixed in
debiantor< tor 0.2.5.12-1 (bookworm)tor 0.2.5.12-1 (bookworm)
the_tor_projecttor
the_tor_projecttor
the_tor_projecttor
torprojecttor< 0.2.4.270.2.4.27
torprojecttor>= 0 < 0.2.5.12-10.2.5.12-1
torprojecttor>= 0 < 0.2.5.12-10.2.5.12-1
torprojecttor>= 0 < 0.2.5.12-10.2.5.12-1
torprojecttor>= 0 < 0.2.5.12-10.2.5.12-1
torprojecttor>= 0.2.5.1 < 0.2.5.120.2.5.12
torprojecttor>= 0.2.6.1 < 0.2.6.70.2.6.7

CVSS provenance

nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
osv7.5HIGH