Computer Security
[EN] no-pyccku

tor security vulnerabilities
SecurityVulns ID:12589
Threat Level:
Description:DoS conditions, information leakage.
Affected:TOR : tor 0.2
CVE:CVE-2012-4419 (The compare_tor_addr_to_addr_policy function in or/policies.c in Tor before, and 0.2.3.x before, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a zero-valued port field that is not properly handled during policy comparison.)
 CVE-2012-3519 (routerlist.c in Tor before uses a different amount of time for relay-list iteration depending on which relay is chosen, which might allow remote attackers to obtain sensitive information about relay selection via a timing side-channel attack.)
 CVE-2012-3518 (The networkstatus_parse_vote_from_string function in routerparse.c in Tor before does not properly handle an invalid flavor name, which allows remote attackers to cause a denial of service (out-of-bounds read and daemon crash) via a crafted (1) vote document or (2) consensus document.)
Original documentdocumentDEBIAN, [SECURITY] [DSA 2548-1] tor security update (18.09.2012)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod