oss-sec mailing list archives

tor DoS via SENDME cells

From: Vincent Danen <vdanen () redhat com>
Date: Mon, 26 Nov 2012 09:48:57 -0700

I've not seen a CVE for this yet, could one get assigned?

It was reported that Tor suffered from a denial of service
vulnerability due to an error when handling SENDME cells.  This could be
exploited to cause excessive consumption of memory resources within an
entry node.

This is fixed in upstream version 0.2.3.25.

References:

https://secunia.com/advisories/51329/
https://trac.torproject.org/projects/tor/ticket/6252
https://gitweb.torproject.org/arma/tor.git/commitdiff/b9b54568c0bb64c32bd0b362954bdbc8c1234b16
https://bugzilla.redhat.com/show_bug.cgi?id=880310
https://bugs.gentoo.org/show_bug.cgi?id=444804

Thanks.

--

Vincent Danen / Red Hat Security Response Team

Current thread:

tor DoS via SENDME cells Vincent Danen (Nov 26)
- Re: tor DoS via SENDME cells Kurt Seifried (Nov 26)