Main Vulnerability Database Vulnerabilities #VU31417

Reachable Assertion in Tor - CVE-2017-0375

Published: June 9, 2017 / Updated: July 18, 2020

Vulnerability identifier: #VU31417

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2017-0375

CWE-ID: CWE-617

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: tor.eff.org

Affected software:
Tor

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

The hidden-service feature in Tor before 0.3.0.8 allows a denial of service (assertion failure and daemon exit) in the relay_send_end_cell_from_edge_ function via a malformed BEGIN cell.

How to mitigate CVE-2017-0375

Install update from vendor's website.

Sources

http://www.securityfocus.com/bid/99017
https://github.com/torproject/tor/commit/79b59a2dfcb68897ee89d98587d09e55f07e68d7
https://lists.torproject.org/pipermail/tor-announce/2017-June/000131.html
https://trac.torproject.org/projects/tor/ticket/22493

Reachable Assertion in Tor - CVE-2017-0375

Detailed vulnerability description

How to mitigate CVE-2017-0375

Sources

Please verify you're human