Denial of Service in Tor Hidden-Service Feature
CVE-2017-0376

7.5 HIGH

Key Information:

Vendor: Torproject

CVE Published: 9 June 2017

What is CVE-2017-0376?

A vulnerability in Tor's hidden-service feature allows an attacker to cause a denial of service in versions before 0.3.0.8. A malicious BEGIN_DIR cell sent on a rendezvous circuit triggers an assertion failure in the connection_edge_process_relay_cell function, which terminates the daemon unexpectedly. This flaw can disrupt the functionality of the Tor network, impacting users' ability to maintain secure and anonymous communications.

Affected Version(s)

Tor before 0.3.0.8

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
