What is the severity of CVE-2012-4419?

CVE-2012-4419 is classified as a denial of service vulnerability due to an assertion failure in the Tor daemon.

How do I fix CVE-2012-4419?

To fix CVE-2012-4419, upgrade Tor to version 0.2.2.39 or later, or 0.2.3.21-rc or later.

Which versions of Tor are affected by CVE-2012-4419?

CVE-2012-4419 affects Tor versions before 0.2.2.39 and 0.2.3.x before 0.2.3.21-rc.

What can exploit CVE-2012-4419?

Remote attackers can exploit CVE-2012-4419 by sending specially crafted traffic that includes a zero-valued port field.

What happens if CVE-2012-4419 is exploited?

Exploiting CVE-2012-4419 may cause the Tor daemon to exit unexpectedly, leading to a denial of service.

Vulnerability/
CVE-2012-4419

medium

14/9/2012

22/8/2013

CVE-2012-4419

First published: Fri Sep 14 2012(Updated: )

The compare_tor_addr_to_addr_policy function in or/policies.c in Tor before 0.2.2.39, and 0.2.3.x before 0.2.3.21-rc, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a zero-valued port field that is not properly handled during policy comparison.

Credit: secalert@redhat.com

Affected Software	Affected Version	How to fix
Tor Project Tor	<=0.2.2.38
Tor Project Tor	=0.0.2
Tor Project Tor	=0.0.2-pre13
Tor Project Tor	=0.0.2-pre14
Tor Project Tor	=0.0.2-pre15
Tor Project Tor	=0.0.2-pre16
Tor Project Tor	=0.0.2-pre17
Tor Project Tor	=0.0.2-pre18
Tor Project Tor	=0.0.2-pre19
Tor Project Tor	=0.0.2-pre20
Tor Project Tor	=0.0.2-pre21
Tor Project Tor	=0.0.2-pre22
Tor Project Tor	=0.0.2-pre23
Tor Project Tor	=0.0.2-pre24
Tor Project Tor	=0.0.2-pre25
Tor Project Tor	=0.0.2-pre26
Tor Project Tor	=0.0.2-pre27
Tor Project Tor	=0.0.3
Tor Project Tor	=0.0.4
Tor Project Tor	=0.0.5
Tor Project Tor	=0.0.6
Tor Project Tor	=0.0.6.1
Tor Project Tor	=0.0.6.2
Tor Project Tor	=0.0.7
Tor Project Tor	=0.0.7.1
Tor Project Tor	=0.0.7.2
Tor Project Tor	=0.0.7.3
Tor Project Tor	=0.0.8.1
Tor Project Tor	=0.0.9.1
Tor Project Tor	=0.0.9.2
Tor Project Tor	=0.0.9.3
Tor Project Tor	=0.0.9.4
Tor Project Tor	=0.0.9.5
Tor Project Tor	=0.0.9.6
Tor Project Tor	=0.0.9.7
Tor Project Tor	=0.0.9.8
Tor Project Tor	=0.0.9.9
Tor Project Tor	=0.0.9.10
Tor Project Tor	=0.1.0.10
Tor Project Tor	=0.1.0.11
Tor Project Tor	=0.1.0.12
Tor Project Tor	=0.1.0.13
Tor Project Tor	=0.1.0.14
Tor Project Tor	=0.1.0.15
Tor Project Tor	=0.1.0.16
Tor Project Tor	=0.1.0.17
Tor Project Tor	=0.1.1.20
Tor Project Tor	=0.1.1.21
Tor Project Tor	=0.1.1.22
Tor Project Tor	=0.1.1.23
Tor Project Tor	=0.1.1.24
Tor Project Tor	=0.1.1.25
Tor Project Tor	=0.1.1.26
Tor Project Tor	=0.1.2.13
Tor Project Tor	=0.1.2.14
Tor Project Tor	=0.1.2.15
Tor Project Tor	=0.1.2.16
Tor Project Tor	=0.1.2.17
Tor Project Tor	=0.1.2.18
Tor Project Tor	=0.1.2.19
Tor Project Tor	=0.2.0.30
Tor Project Tor	=0.2.0.31
Tor Project Tor	=0.2.0.32
Tor Project Tor	=0.2.0.33
Tor Project Tor	=0.2.0.34
Tor Project Tor	=0.2.0.35
Tor Project Tor	=0.2.2.18
Tor Project Tor	=0.2.2.19
Tor Project Tor	=0.2.2.20
Tor Project Tor	=0.2.2.21
Tor Project Tor	=0.2.2.22
Tor Project Tor	=0.2.2.23
Tor Project Tor	=0.2.2.24
Tor Project Tor	=0.2.2.25
Tor Project Tor	=0.2.2.26
Tor Project Tor	=0.2.2.27
Tor Project Tor	=0.2.2.28
Tor Project Tor	=0.2.2.29
Tor Project Tor	=0.2.2.30
Tor Project Tor	=0.2.2.31
Tor Project Tor	=0.2.2.32
Tor Project Tor	=0.2.2.33
Tor Project Tor	=0.2.2.34
Tor Project Tor	=0.2.2.35
Tor Project Tor	=0.2.2.36
Tor Project Tor	=0.2.2.37
Tor Project Tor	=0.2.3
Tor Project Tor	=0.2.3.13-alpha
Tor Project Tor	=0.2.3.14-alpha
Tor Project Tor	=0.2.3.15-alpha
Tor Project Tor	=0.2.3.16-alpha
Tor Project Tor	=0.2.3.17-beta
Tor Project Tor	=0.2.3.18-rc
Tor Project Tor	=0.2.3.19-rc
Tor Project Tor	=0.2.3.20-rc

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2012-4419?
CVE-2012-4419 is classified as a denial of service vulnerability due to an assertion failure in the Tor daemon.
How do I fix CVE-2012-4419?
To fix CVE-2012-4419, upgrade Tor to version 0.2.2.39 or later, or 0.2.3.21-rc or later.
Which versions of Tor are affected by CVE-2012-4419?
CVE-2012-4419 affects Tor versions before 0.2.2.39 and 0.2.3.x before 0.2.3.21-rc.
What can exploit CVE-2012-4419?
Remote attackers can exploit CVE-2012-4419 by sending specially crafted traffic that includes a zero-valued port field.
What happens if CVE-2012-4419 is exploited?
Exploiting CVE-2012-4419 may cause the Tor daemon to exit unexpectedly, leading to a denial of service.

agent/type
agent/first-publish-date
agent/last-modified-date
agent/description
agent/severity
agent/references
agent/author
agent/tags
agent/softwarecombine
agent/event
collector/nvd-index
agent/software-canonical-lookup-request
vendor/torproject
canonical/tor project tor
version/tor project tor/0.2.2.38
version/tor project tor/0.0.2
version/tor project tor/0.0.2-pre13
version/tor project tor/0.0.2-pre14
version/tor project tor/0.0.2-pre15
version/tor project tor/0.0.2-pre16
version/tor project tor/0.0.2-pre17
version/tor project tor/0.0.2-pre18
version/tor project tor/0.0.2-pre19
version/tor project tor/0.0.2-pre20
version/tor project tor/0.0.2-pre21
version/tor project tor/0.0.2-pre22
version/tor project tor/0.0.2-pre23
version/tor project tor/0.0.2-pre24
version/tor project tor/0.0.2-pre25
version/tor project tor/0.0.2-pre26
version/tor project tor/0.0.2-pre27
version/tor project tor/0.0.3
version/tor project tor/0.0.4
version/tor project tor/0.0.5
version/tor project tor/0.0.6
version/tor project tor/0.0.6.1
version/tor project tor/0.0.6.2
version/tor project tor/0.0.7
version/tor project tor/0.0.7.1
version/tor project tor/0.0.7.2
version/tor project tor/0.0.7.3
version/tor project tor/0.0.8.1
version/tor project tor/0.0.9.1
version/tor project tor/0.0.9.2
version/tor project tor/0.0.9.3
version/tor project tor/0.0.9.4
version/tor project tor/0.0.9.5
version/tor project tor/0.0.9.6
version/tor project tor/0.0.9.7
version/tor project tor/0.0.9.8
version/tor project tor/0.0.9.9
version/tor project tor/0.0.9.10
version/tor project tor/0.1.0.10
version/tor project tor/0.1.0.11
version/tor project tor/0.1.0.12
version/tor project tor/0.1.0.13
version/tor project tor/0.1.0.14
version/tor project tor/0.1.0.15
version/tor project tor/0.1.0.16
version/tor project tor/0.1.0.17
version/tor project tor/0.1.1.20
version/tor project tor/0.1.1.21
version/tor project tor/0.1.1.22
version/tor project tor/0.1.1.23
version/tor project tor/0.1.1.24
version/tor project tor/0.1.1.25
version/tor project tor/0.1.1.26
version/tor project tor/0.1.2.13
version/tor project tor/0.1.2.14
version/tor project tor/0.1.2.15
version/tor project tor/0.1.2.16
version/tor project tor/0.1.2.17
version/tor project tor/0.1.2.18
version/tor project tor/0.1.2.19
version/tor project tor/0.2.0.30
version/tor project tor/0.2.0.31
version/tor project tor/0.2.0.32
version/tor project tor/0.2.0.33
version/tor project tor/0.2.0.34
version/tor project tor/0.2.0.35
version/tor project tor/0.2.2.18
version/tor project tor/0.2.2.19
version/tor project tor/0.2.2.20
version/tor project tor/0.2.2.21
version/tor project tor/0.2.2.22
version/tor project tor/0.2.2.23
version/tor project tor/0.2.2.24
version/tor project tor/0.2.2.25
version/tor project tor/0.2.2.26
version/tor project tor/0.2.2.27
version/tor project tor/0.2.2.28
version/tor project tor/0.2.2.29
version/tor project tor/0.2.2.30
version/tor project tor/0.2.2.31
version/tor project tor/0.2.2.32
version/tor project tor/0.2.2.33
version/tor project tor/0.2.2.34
version/tor project tor/0.2.2.35
version/tor project tor/0.2.2.36
version/tor project tor/0.2.2.37
version/tor project tor/0.2.3
version/tor project tor/0.2.3.13-alpha
version/tor project tor/0.2.3.14-alpha
version/tor project tor/0.2.3.15-alpha
version/tor project tor/0.2.3.16-alpha
version/tor project tor/0.2.3.17-beta
version/tor project tor/0.2.3.18-rc
version/tor project tor/0.2.3.19-rc
version/tor project tor/0.2.3.20-rc