CVE-2012-4419

Priority
Description
The compare_tor_addr_to_addr_policy function in or/policies.c in Tor before
0.2.2.39, and 0.2.3.x before 0.2.3.21-rc, allows remote attackers to cause
a denial of service (assertion failure and daemon exit) via a zero-valued
port field that is not properly handled during policy comparison.
Notes
sbeattielooks like triggerable asserts that cause a DoS
Package
Source: tor (LP Ubuntu Debian)
Upstream:released (0.2.3.22-rc-1)
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was needed)
Ubuntu 14.04 ESM (Trusty Tahr):released ([0.2.3.22-rc-1])
Ubuntu 16.04 LTS (Xenial Xerus):released (0.2.3.22-rc-1)
More Information

Updated: 2020-01-29 19:44:56 UTC (commit 768ceb2fdee6790d707d0f681e1b54916744af1e)