CVE-2016-1254
published 2017-12-05CVE-2016-1254: Tor before 0.2.8.12 might allow remote attackers to cause a denial of service (client crash) via a crafted hidden service descriptor.
high7.5CVSS 3.0
AVNACLPRNUINSUCNINAH
Tor before 0.2.8.12 might allow remote attackers to cause a denial of service (client crash) via a crafted hidden service descriptor.
Affected
14 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | tor | < tor 0.2.9.8-2 (bookworm) | tor 0.2.9.8-2 (bookworm) |
| doorkeeper_project | doorkeeper | >= 0 < 4.2.0 | 4.2.0 |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| opensuse | leap | — | — |
| opensuse | opensuse | — | — |
| opensuse_project | leap | — | — |
| torproject | tor | < 0.2.8.12 | 0.2.8.12 |
| torproject | tor | >= 0 < 0.2.9.8-2 | 0.2.9.8-2 |
| torproject | tor | >= 0 < 0.2.9.8-2 | 0.2.9.8-2 |
| torproject | tor | >= 0 < 0.2.9.8-2 | 0.2.9.8-2 |
| torproject | tor | >= 0 < 0.2.9.8-2 | 0.2.9.8-2 |
CVSS provenance
nvdv3.07.5HIGHCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
osv7.5HIGH