Resource Exhaustion Vulnerability in Tor by The Tor Project
CVE-2021-28089

7.5HIGH

Key Information:

Vendor

Torproject

Status
Tor
Vendor
CVE Published:
19 March 2021

What is CVE-2021-28089?

A vulnerability in Tor allows an attacker to exploit the directory protocol, potentially leading to CPU resource exhaustion on the target. By manipulating the protocol, a remote participant could cause significant degradation of service, making it crucial for users to apply the latest updates and patches to safeguard their systems.

References

https://gitlab.torproject.org/tpo/core/tor/-/issues/40304
x_refsource_MISC
https://blog.torproject.org/node/2009
x_refsource_CONFIRM
https://lists.fedoraproject.org/archives/list/package-ann...
vendor-advisoryx_refsource_FEDORA

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.