CVE-2017-0375
https://notcve.org/view.php?id=CVE-2017-0375
The hidden-service feature in Tor before 0.3.0.8 allows a denial of service (assertion failure and daemon exit) in the relay_send_end_cell_from_edge_ function via a malformed BEGIN cell. La función de servicio oculto en Tor antes de la versión 0.3.0.8 permite una denegación de servicio (fallo de aserción y salida de demonio) en la función relay_send_end_cell_from_edge_ a través de una llamada BEGIN con formato incorrecto. • http://www.securityfocus.com/bid/99017 https://github.com/torproject/tor/commit/79b59a2dfcb68897ee89d98587d09e55f07e68d7 https://lists.torproject.org/pipermail/tor-announce/2017-June/000131.html https://trac.torproject.org/projects/tor/ticket/22493 • CWE-617: Reachable Assertion •
CVE-2016-8860
https://notcve.org/view.php?id=CVE-2016-8860
Tor before 0.2.8.9 and 0.2.9.x before 0.2.9.4-alpha had internal functions that were entitled to expect that buf_t data had NUL termination, but the implementation of or/buffers.c did not ensure that NUL termination was present, which allows remote attackers to cause a denial of service (client, hidden service, relay, or authority crash) via crafted data. Tor en versiones anteriores a 0.2.8.9 y 0.2.9.x en versiones anteriores a 0.2.9.4-alpha tenía funciones internas autorizadas a esperar que buf_t data tenía terminación NUL, pero la implementación de or/buffers.c no aseguró que la terminación NUL estuviera presente, lo que permite a atacantes remotos provocar una denegación de servicio (cliente, servicio oculto, transmisión, o caída de autoridad) a través de datos manipulados. • http://openwall.com/lists/oss-security/2016/10/19/11 http://www.debian.org/security/2016/dsa-3694 http://www.securityfocus.com/bid/95116 https://blog.torproject.org/blog/tor-0289-released-important-fixes https://github.com/torproject/tor/commit/3cea86eb2fbb65949673eb4ba8ebb695c87a57ce https://security.gentoo.org/glsa/201612-45 https://trac.torproject.org/projects/tor/ticket/20384 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2015-2929
https://notcve.org/view.php?id=CVE-2015-2929
The Hidden Service (HS) client implementation in Tor before 0.2.4.27, 0.2.5.x before 0.2.5.12, and 0.2.6.x before 0.2.6.7 allows remote servers to cause a denial of service (assertion failure and application exit) via a malformed HS descriptor. La implementación del cliente Hidden Service (HS) en Tor versiones anteriores a 0.2.4.27, versiones 0.2.5.x anteriores a 0.2.5.12 y versiones 0.2.6.x anteriores a 0.2.6.7, permite a los servidores remotos causar una denegación de servicio (falla de aserción y salida de la aplicación ) por medio de un descriptor HS malformado. • http://openwall.com/lists/oss-security/2015/04/06/5 https://trac.torproject.org/projects/tor/ticket/15601 •
CVE-2015-2928
https://notcve.org/view.php?id=CVE-2015-2928
The Hidden Service (HS) server implementation in Tor before 0.2.4.27, 0.2.5.x before 0.2.5.12, and 0.2.6.x before 0.2.6.7 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors. La implementación del servidor Hidden Service (HS) en Tor versiones anteriores a 0.2.4.27, versiones 0.2.5.x anteriores a 0.2.5.12 y versiones 0.2.6.x anteriores a 0.2.6.7, permite a atacantes remotos causar una denegación de servicio (falla de aserción y salida del demonio ) por medio de vectores no especificados. • http://openwall.com/lists/oss-security/2015/04/06/5 https://trac.torproject.org/projects/tor/ticket/15600 •
CVE-2014-5117
https://notcve.org/view.php?id=CVE-2014-5117
Tor before 0.2.4.23 and 0.2.5 before 0.2.5.6-alpha maintains a circuit after an inbound RELAY_EARLY cell is received by a client, which makes it easier for remote attackers to conduct traffic-confirmation attacks by using the pattern of RELAY and RELAY_EARLY cells as a means of communicating information about hidden service names. Tor anterior a 0.2.4.23 y 0.2.5 anterior a 0.2.5.6-alpha mantiene un circuito después de que un cliente reciba una célula RELAY_EARLY entrante, lo que facilita a atacantes remotos realizar ataques de confirmación de trafico mediante el uso de la pauta de células RELAY y RELAY_EARLY como la manera de comunicar información a cerca de nombres escondidos de servicios. • http://secunia.com/advisories/60084 http://secunia.com/advisories/60647 https://blog.torproject.org/blog/tor-security-advisory-relay-early-traffic-confirmation-attack https://lists.torproject.org/pipermail/tor-announce/2014-July/000093.html https://lists.torproject.org/pipermail/tor-announce/2014-July/000094.html https://lists.torproject.org/pipermail/tor-talk/2014-July/034180.html https://trac.torproject.org/projects/tor/ticket/1038 •