Candidate: CVE-2018-0490
PublicDate: 2018-03-05 15:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0490
 https://trac.torproject.org/projects/tor/ticket/25074
 https://blog.torproject.org/new-stable-tor-releases-security-fixes-and-dos-prevention-03210-03110-02915
Description:
 An issue was discovered in Tor before 0.2.9.15, 0.3.1.x before 0.3.1.10,
 and 0.3.2.x before 0.3.2.10. The directory-authority protocol-list
 subprotocol implementation allows remote attackers to cause a denial of
 service (NULL pointer dereference and directory-authority crash) via a
 misformatted relay descriptor that is mishandled during voting.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H [7.5 HIGH]


Patches_tor:
upstream_tor: released (0.3.2.10-1)
precise/esm_tor: DNE
trusty_tor: not-affected (code not present)
trusty/esm_tor: not-affected (code not present)
xenial_tor: released (0.2.9.14-1ubuntu1~16.04.3)
artful_tor: ignored (reached end-of-life)
bionic_tor: not-affected (0.3.2.10-1)
cosmic_tor: not-affected (0.3.2.10-1)
devel_tor: not-affected (0.3.2.10-1)