CVE-2012-3518
Published: 26 August 2012
The networkstatus_parse_vote_from_string function in routerparse.c in Tor before 0.2.2.38 does not properly handle an invalid flavor name, which allows remote attackers to cause a denial of service (out-of-bounds read and daemon crash) via a crafted (1) vote document or (2) consensus document.
Notes
Author | Note |
---|---|
sbeattie | may have been introduced in 0.2.2.6-alpha |
Priority
Status
Package | Release | Status |
---|---|---|
tor Launchpad, Ubuntu, Debian |
hardy |
Ignored
(end of life)
|
lucid |
Does not exist
|
|
natty |
Ignored
(end of life)
|
|
oneiric |
Ignored
(end of life)
|
|
precise |
Ignored
(end of life)
|
|
quantal |
Released
(0.2.3.22-rc-1)
|
|
raring |
Released
(0.2.3.22-rc-1)
|
|
saucy |
Released
(0.2.3.22-rc-1)
|
|
trusty |
Released
(0.2.3.22-rc-1)
|
|
upstream |
Released
(0.2.2.38)
|
|
utopic |
Released
(0.2.3.22-rc-1)
|
|
vivid |
Released
(0.2.3.22-rc-1)
|
|
wily |
Released
(0.2.3.22-rc-1)
|
|
xenial |
Released
(0.2.3.22-rc-1)
|
|
yakkety |
Released
(0.2.3.22-rc-1)
|
|
zesty |
Released
(0.2.3.22-rc-1)
|
|
Patches: upstream: https://gitweb.torproject.org/tor.git/commitdiff/57e35ad3d91724882c345ac709666a551a977f0f upstream: https://gitweb.torproject.org/tor.git/commitdiff/55f635745afacefffdaafc72cc176ca7ab817546 |