Use-After-Free Vulnerability in Onion Service v2 by Tor Project
CVE-2017-8823

8.1HIGH

Key Information:

Vendor: Tor Project
Status: Tor Before 0.2.5.16, 0.2.6 Through 0.2.8 Before 0.2.8.17, 0.2.9 Before 0.2.9.14, 0.3.0 Before 0.3.0.13, And 0.3.1 Before 0.3.1.9
Vendor: CVE Published:; 3 December 2017

🔔 Create Tor Project Vulnerability Alert

What is CVE-2017-8823?

In several versions of the Tor software, specifically before 0.2.5.16, between 0.2.6 and 0.2.8 prior to 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, a critical use-after-free vulnerability exists in the onion service v2 implementation. This issue arises during the expiration of intro-points due to mismanagement of the expiring list in certain error scenarios. This flaw can potentially be exploited to impact the stability and security of users' connections within the Tor network.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9 Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9