Denial of Service Vulnerability in Tor Hidden Services - Tor Project
CVE-2017-0375

7.5HIGH

Key Information:

Vendor

Torproject

Status
Tor Before 0.3.0.8
Vendor
CVE Published:
9 June 2017

What is CVE-2017-0375?

The hidden service feature in Tor prior to version 0.3.0.8 is susceptible to a denial of service attack. This vulnerability arises from an assertion failure and subsequent exit of the daemon, triggered by a malformed BEGIN cell within the relay_send_end_cell_from_edge_ function. Attackers can exploit this flaw to disrupt service availability by sending crafted requests, potentially impacting the functionality of Tor's hidden services.

Affected Version(s)

Tor before 0.3.0.8 Tor before 0.3.0.8

References

https://trac.torproject.org/projects/tor/ticket/22493
x_refsource_CONFIRM
http://www.securityfocus.com/bid/99017
vdb-entryx_refsource_BID
https://lists.torproject.org/pipermail/tor-announce/2017-...
x_refsource_CONFIRM

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.