CVE-2019-8955Allocation of Resources Without Limits or Throttling in TOR

CWE-770Allocation of Resources Without Limits or Throttling10 documents7 sources
Severity
7.5HIGHNVD
EPSS
1.9%
top 16.58%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Torproject TOR
Timeline
PublishedFeb 21
Latest updateOct 4

Description

In Tor before 0.3.3.12, 0.3.4.x before 0.3.4.11, 0.3.5.x before 0.3.5.8, and 0.4.x before 0.4.0.2-alpha, remote denial of service against Tor clients and relays can occur via memory exhaustion in the KIST cell scheduler.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

NVDtorproject/tor0.3.4.80.3.4.11+18
Debiantorproject/tor< 0.3.5.8-1+3
Ubuntutorproject/tor< 0.2.4.27-1ubuntu0.1+esm2+3

🔴Vulnerability Details

4
OSV
tor vulnerabilities2022-10-04
GHSA
GHSA-h3x5-p32h-w7q2: In Tor before 02022-05-13
CVEList
CVE-2019-8955: In Tor before 02019-02-21
OSV
CVE-2019-8955: In Tor before 02019-02-21

📋Vendor Advisories

2
Ubuntu
Tor vulnerabilities2022-10-04
Debian
CVE-2019-8955: tor - In Tor before 0.3.3.12, 0.3.4.x before 0.3.4.11, 0.3.5.x before 0.3.5.8, and 0.4...2019

💬Community

3
Bugzilla
CVE-2019-8955 tor: memory exhaustion in the KIST cell scheduler resulting in denial of service2019-02-22
Bugzilla
CVE-2019-8955 tor: memory exhaustion in the KIST cell scheduler resulting in denial of service [fedora-all]2019-02-22
Bugzilla
CVE-2019-8955 tor: memory exhaustion in the KIST cell scheduler resulting in denial of service [epel-7]2019-02-22
CVE-2019-8955 — Torproject TOR vulnerability | cvebase