#VU54230 Resource management error in Tor - CVE-2021-34549

 


Published: June 20, 2021


Vulnerability identifier: #VU54230
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2021-34549
CWE-ID: CWE-399
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software:
Tor
Software vendor:
tor.eff.org

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of internal resources within the naive unkeyed hash function. A remote attacker can construct circuits with chosen circuit IDs to create collisions and make the hash table inefficient, resulting in a denial of service condition.
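The effect described above, and why keying the hash removes it, shown as an added example that is not Tor's code or part of the original advisory. The table size, the multiply-and-mask hash and the circuit IDs are constructed assumptions, and keyed BLAKE2b stands in for whatever keyed hash an implementation would use.

```python
import hashlib
import secrets
from collections import Counter

N_BUCKETS = 1024  # constructed table size (power of two), an assumption


def unkeyed_bucket(circ_id: int) -> int:
    # Toy unkeyed hash (assumption, not Tor's function): multiply, then mask.
    # Anyone who knows the function can predict the bucket of any ID.
    return ((circ_id * 2654435761) & 0xFFFFFFFF) % N_BUCKETS


def make_keyed_bucket(key: bytes):
    # Keyed hash: the bucket depends on a secret the remote peer never sees,
    # so IDs picked by the peer spread out like random ones.
    def bucket(circ_id: int) -> int:
        mac = hashlib.blake2b(circ_id.to_bytes(4, "big"), digest_size=8, key=key)
        return int.from_bytes(mac.digest(), "big") % N_BUCKETS
    return bucket


def chain_stats(circ_ids, bucket_fn):
    """Return (longest chain, comparisons spent on chained inserts).

    Inserting into a chain of length n with a duplicate check costs n
    comparisons, so a bucket holding n entries cost n*(n-1)/2 in total.
    """
    loads = Counter(bucket_fn(c) for c in circ_ids)
    longest = max(loads.values())
    comparisons = sum(n * (n - 1) // 2 for n in loads.values())
    return longest, comparisons


# Constructed input: 2000 peer-chosen IDs that share their low 10 bits.
CHOSEN_IDS = [k * N_BUCKETS for k in range(1, 2001)]

if __name__ == "__main__":
    keyed = make_keyed_bucket(secrets.token_bytes(16))  # per-process secret
    print("unkeyed (longest, comparisons):", chain_stats(CHOSEN_IDS, unkeyed_bucket))
    print("keyed   (longest, comparisons):", chain_stats(CHOSEN_IDS, keyed))
```

With the unkeyed function every chosen ID lands in one bucket and insert cost grows quadratically; with the keyed function the same IDs leave chains of only a few entries.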


Remediation

Install updates from the vendor's website.

External links