CVE-2017-8820
published 2017-12-03CVE-2017-8820: In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, remote attackers can cause…
high7.5CVSS 3.0
AVNACLPRNUINSUCNINAH
In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, remote attackers can cause a denial of service (NULL pointer dereference and application crash) against directory authorities via a malformed descriptor, aka TROVE-2017-010.
Affected
12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | tor | < tor 0.3.1.9-1 (bookworm) | tor 0.3.1.9-1 (bookworm) |
| tor_project | tor | < 0.2.5.16 | 0.2.5.16 |
| tor_project | tor | >= 0.2.6 < 0.2.8.17 | 0.2.8.17 |
| tor_project | tor | >= 0.2.9 < 0.2.9.14 | 0.2.9.14 |
| tor_project | tor | >= 0.3.0 < 0.3.0.13 | 0.3.0.13 |
| tor_project | tor | >= 0.3.1 < 0.3.1.9 | 0.3.1.9 |
| torproject | tor | >= 0 < 0.3.1.9-1 | 0.3.1.9-1 |
| torproject | tor | >= 0 < 0.3.1.9-1 | 0.3.1.9-1 |
| torproject | tor | >= 0 < 0.3.1.9-1 | 0.3.1.9-1 |
| torproject | tor | >= 0 < 0.3.1.9-1 | 0.3.1.9-1 |
CVSS provenance
nvdv3.07.5HIGHCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
osv7.5HIGH