#VU45425 Resource management error in Tor - CVE-2011-0492
Published: January 19, 2011 / Updated: August 11, 2020
Vulnerability identifier: #VU45425
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2011-0492
CWE-ID: CWE-399
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Tor
Tor
Software vendor:
tor.eff.org
tor.eff.org
Description
The vulnerability allows a remote non-authenticated attacker to perform service disruption.
Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha allows remote attackers to cause a denial of service (assertion failure and daemon exit) via blobs that trigger a certain file size, as demonstrated by the cached-descriptors.new file.
Remediation
Install update from vendor's website.
External links
- http://archives.seul.org/or/announce/Jan-2011/msg00000.html
- http://blog.torproject.org/blog/tor-02129-released-security-patches
- http://www.securityfocus.com/bid/45953
- https://exchange.xforce.ibmcloud.com/vulnerabilities/64867
- https://gitweb.torproject.org/tor.git/blob/refs/heads/release-0.2.2:/ChangeLog
- https://trac.torproject.org/projects/tor/ticket/2326