Denial of Service Vulnerability in Tor by The Tor Project
CVE-2017-8821

7.5HIGH

Key Information:

Vendor: Tor Project
Status: Tor Before 0.2.5.16, 0.2.6 Through 0.2.8 Before 0.2.8.17, 0.2.9 Before 0.2.9.14, 0.3.0 Before 0.3.0.13, And 0.3.1 Before 0.3.1.9
Vendor: CVE Published:; 3 December 2017

🔔 Create Tor Project Vulnerability Alert

What is CVE-2017-8821?

In certain versions of Tor, an attacker can exploit a vulnerability by supplying specially crafted PEM input that indicates a public key requiring a password. This malformed input triggers the OpenSSL library to issue a prompt for the password, effectively causing the application to hang and resulting in a denial of service. Users of affected Tor versions should prioritize upgrading to secure their systems.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9 Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9