Denial of Service Vulnerability in Tor Software by The Tor Project
CVE-2020-10593

7.5HIGH

Key Information:

Vendor

Torproject

Status
Tor
Vendor
CVE Published:
23 March 2020

What is CVE-2020-10593?

Certain versions of Tor software permit remote attackers to exploit a Denial of Service vulnerability due to a memory leak. This vulnerability arises in the function responsible for setting up circuit padding, allowing a circuit-padding machine to be negotiated twice on the same circuit. As a result, potential attackers can disrupt the service, leading to reduced functionality and performance of the Tor network.

References

https://trac.torproject.org/projects/tor/ticket/33619
x_refsource_MISC
https://security.gentoo.org/glsa/202003-50
vendor-advisoryx_refsource_GENTOO
http://lists.opensuse.org/opensuse-security-announce/2020...
vendor-advisoryx_refsource_SUSE

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.