oss-sec mailing list archives
tor DoS via SENDME cells
From: Vincent Danen <vdanen () redhat com>
Date: Mon, 26 Nov 2012 09:48:57 -0700
I've not seen a CVE for this yet, could one get assigned? It was reported that Tor suffered from a denial of service vulnerability due to an error when handling SENDME cells. This could be exploited to cause excessive consumption of memory resources within an entry node. This is fixed in upstream version 0.2.3.25. References: https://secunia.com/advisories/51329/ https://trac.torproject.org/projects/tor/ticket/6252 https://gitweb.torproject.org/arma/tor.git/commitdiff/b9b54568c0bb64c32bd0b362954bdbc8c1234b16 https://bugzilla.redhat.com/show_bug.cgi?id=880310 https://bugs.gentoo.org/show_bug.cgi?id=444804 Thanks. --Vincent Danen / Red Hat Security Response Team
Current thread:
- tor DoS via SENDME cells Vincent Danen (Nov 26)
- Re: tor DoS via SENDME cells Kurt Seifried (Nov 26)