CVE-2012-3518: Buffer Overflow
First published: Sun Aug 26 2012(Updated: )
The networkstatus_parse_vote_from_string function in routerparse.c in Tor before 0.2.2.38 does not properly handle an invalid flavor name, which allows remote attackers to cause a denial of service (out-of-bounds read and daemon crash) via a crafted (1) vote document or (2) consensus document.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Tor (The Onion Router) | <=0.2.2.37 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.opensuse.org/opensuse-updates/2012-08/msg00048.html
- http://openwall.com/lists/oss-security/2012/08/21/6
- http://secunia.com/advisories/50583
- http://security.gentoo.org/glsa/glsa-201301-03.xml
- https://gitweb.torproject.org/tor.git/commit/55f635745afacefffdaafc72cc176ca7ab817546
- https://gitweb.torproject.org/tor.git/commit/57e35ad3d91724882c345ac709666a551a977f0f
- https://lists.torproject.org/pipermail/tor-announce/2012-August/000086.html
- https://trac.torproject.org/projects/tor/ticket/6530
- agent/severity
- agent/weakness
- agent/references
- agent/author
- agent/tags
- agent/type
- agent/description
- agent/event
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/tor
- canonical/tor (the onion router)
- version/tor (the onion router)/0.2.2.37