What is the severity of CVE-2012-4922?

CVE-2012-4922 has been classified as a denial of service vulnerability due to its potential to crash the Tor daemon.

How do I fix CVE-2012-4922?

To fix CVE-2012-4922, upgrade to Tor version 0.2.3.22-rc or later, which contains the necessary patch.

What versions are affected by CVE-2012-4922?

CVE-2012-4922 affects Tor versions before 0.2.2.39 and all 0.2.3.x versions prior to 0.2.3.22-rc.

Can CVE-2012-4922 be exploited remotely?

Yes, CVE-2012-4922 can be exploited remotely through a malformed directory object.

Is there a workaround for CVE-2012-4922 if I cannot update?

There is no documented workaround for CVE-2012-4922, so updating is the recommended solution.

Vulnerability/
CVE-2012-4922

medium

CWE

14/9/2012

22/8/2013

CVE-2012-4922: Input Validation

First published: Fri Sep 14 2012(Updated: )

The tor_timegm function in common/util.c in Tor before 0.2.2.39, and 0.2.3.x before 0.2.3.22-rc, does not properly validate time values, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a malformed directory object, a different vulnerability than CVE-2012-4419.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Tor Project Tor	<=0.2.2.38
Tor Project Tor	=0.0.2
Tor Project Tor	=0.0.2-pre13
Tor Project Tor	=0.0.2-pre14
Tor Project Tor	=0.0.2-pre15
Tor Project Tor	=0.0.2-pre16
Tor Project Tor	=0.0.2-pre17
Tor Project Tor	=0.0.2-pre18
Tor Project Tor	=0.0.2-pre19
Tor Project Tor	=0.0.2-pre20
Tor Project Tor	=0.0.2-pre21
Tor Project Tor	=0.0.2-pre22
Tor Project Tor	=0.0.2-pre23
Tor Project Tor	=0.0.2-pre24
Tor Project Tor	=0.0.2-pre25
Tor Project Tor	=0.0.2-pre26
Tor Project Tor	=0.0.2-pre27
Tor Project Tor	=0.0.3
Tor Project Tor	=0.0.4
Tor Project Tor	=0.0.5
Tor Project Tor	=0.0.6
Tor Project Tor	=0.0.6.1
Tor Project Tor	=0.0.6.2
Tor Project Tor	=0.0.7
Tor Project Tor	=0.0.7.1
Tor Project Tor	=0.0.7.2
Tor Project Tor	=0.0.7.3
Tor Project Tor	=0.0.8.1
Tor Project Tor	=0.0.9.1
Tor Project Tor	=0.0.9.2
Tor Project Tor	=0.0.9.3
Tor Project Tor	=0.0.9.4
Tor Project Tor	=0.0.9.5
Tor Project Tor	=0.0.9.6
Tor Project Tor	=0.0.9.7
Tor Project Tor	=0.0.9.8
Tor Project Tor	=0.0.9.9
Tor Project Tor	=0.0.9.10
Tor Project Tor	=0.1.0.10
Tor Project Tor	=0.1.0.11
Tor Project Tor	=0.1.0.12
Tor Project Tor	=0.1.0.13
Tor Project Tor	=0.1.0.14
Tor Project Tor	=0.1.0.15
Tor Project Tor	=0.1.0.16
Tor Project Tor	=0.1.0.17
Tor Project Tor	=0.1.1.20
Tor Project Tor	=0.1.1.21
Tor Project Tor	=0.1.1.22
Tor Project Tor	=0.1.1.23
Tor Project Tor	=0.1.1.24
Tor Project Tor	=0.1.1.25
Tor Project Tor	=0.1.1.26
Tor Project Tor	=0.1.2.13
Tor Project Tor	=0.1.2.14
Tor Project Tor	=0.1.2.15
Tor Project Tor	=0.1.2.16
Tor Project Tor	=0.1.2.17
Tor Project Tor	=0.1.2.18
Tor Project Tor	=0.1.2.19
Tor Project Tor	=0.2.0.30
Tor Project Tor	=0.2.0.31
Tor Project Tor	=0.2.0.32
Tor Project Tor	=0.2.0.33
Tor Project Tor	=0.2.0.34
Tor Project Tor	=0.2.0.35
Tor Project Tor	=0.2.2.18
Tor Project Tor	=0.2.2.19
Tor Project Tor	=0.2.2.20
Tor Project Tor	=0.2.2.21
Tor Project Tor	=0.2.2.22
Tor Project Tor	=0.2.2.23
Tor Project Tor	=0.2.2.24
Tor Project Tor	=0.2.2.25
Tor Project Tor	=0.2.2.26
Tor Project Tor	=0.2.2.27
Tor Project Tor	=0.2.2.28
Tor Project Tor	=0.2.2.29
Tor Project Tor	=0.2.2.30
Tor Project Tor	=0.2.2.31
Tor Project Tor	=0.2.2.32
Tor Project Tor	=0.2.2.33
Tor Project Tor	=0.2.2.34
Tor Project Tor	=0.2.2.35
Tor Project Tor	=0.2.2.36
Tor Project Tor	=0.2.2.37
Tor Project Tor	=0.2.3
Tor Project Tor	=0.2.3.13-alpha
Tor Project Tor	=0.2.3.14-alpha
Tor Project Tor	=0.2.3.15-alpha
Tor Project Tor	=0.2.3.16-alpha
Tor Project Tor	=0.2.3.17-beta
Tor Project Tor	=0.2.3.18-rc
Tor Project Tor	=0.2.3.19-rc
Tor Project Tor	=0.2.3.20-rc
Tor Project Tor	=0.2.3.21-rc

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2012-4922?
CVE-2012-4922 has been classified as a denial of service vulnerability due to its potential to crash the Tor daemon.
How do I fix CVE-2012-4922?
To fix CVE-2012-4922, upgrade to Tor version 0.2.3.22-rc or later, which contains the necessary patch.
What versions are affected by CVE-2012-4922?
CVE-2012-4922 affects Tor versions before 0.2.2.39 and all 0.2.3.x versions prior to 0.2.3.22-rc.
Can CVE-2012-4922 be exploited remotely?
Yes, CVE-2012-4922 can be exploited remotely through a malformed directory object.
Is there a workaround for CVE-2012-4922 if I cannot update?
There is no documented workaround for CVE-2012-4922, so updating is the recommended solution.

agent/references
agent/type
agent/last-modified-date
agent/first-publish-date
agent/description
agent/weakness
agent/severity
agent/author
agent/tags
agent/softwarecombine
agent/event
collector/nvd-index
agent/software-canonical-lookup-request
vendor/torproject
canonical/tor project tor
version/tor project tor/0.2.2.38
version/tor project tor/0.0.2
version/tor project tor/0.0.2-pre13
version/tor project tor/0.0.2-pre14
version/tor project tor/0.0.2-pre15
version/tor project tor/0.0.2-pre16
version/tor project tor/0.0.2-pre17
version/tor project tor/0.0.2-pre18
version/tor project tor/0.0.2-pre19
version/tor project tor/0.0.2-pre20
version/tor project tor/0.0.2-pre21
version/tor project tor/0.0.2-pre22
version/tor project tor/0.0.2-pre23
version/tor project tor/0.0.2-pre24
version/tor project tor/0.0.2-pre25
version/tor project tor/0.0.2-pre26
version/tor project tor/0.0.2-pre27
version/tor project tor/0.0.3
version/tor project tor/0.0.4
version/tor project tor/0.0.5
version/tor project tor/0.0.6
version/tor project tor/0.0.6.1
version/tor project tor/0.0.6.2
version/tor project tor/0.0.7
version/tor project tor/0.0.7.1
version/tor project tor/0.0.7.2
version/tor project tor/0.0.7.3
version/tor project tor/0.0.8.1
version/tor project tor/0.0.9.1
version/tor project tor/0.0.9.2
version/tor project tor/0.0.9.3
version/tor project tor/0.0.9.4
version/tor project tor/0.0.9.5
version/tor project tor/0.0.9.6
version/tor project tor/0.0.9.7
version/tor project tor/0.0.9.8
version/tor project tor/0.0.9.9
version/tor project tor/0.0.9.10
version/tor project tor/0.1.0.10
version/tor project tor/0.1.0.11
version/tor project tor/0.1.0.12
version/tor project tor/0.1.0.13
version/tor project tor/0.1.0.14
version/tor project tor/0.1.0.15
version/tor project tor/0.1.0.16
version/tor project tor/0.1.0.17
version/tor project tor/0.1.1.20
version/tor project tor/0.1.1.21
version/tor project tor/0.1.1.22
version/tor project tor/0.1.1.23
version/tor project tor/0.1.1.24
version/tor project tor/0.1.1.25
version/tor project tor/0.1.1.26
version/tor project tor/0.1.2.13
version/tor project tor/0.1.2.14
version/tor project tor/0.1.2.15
version/tor project tor/0.1.2.16
version/tor project tor/0.1.2.17
version/tor project tor/0.1.2.18
version/tor project tor/0.1.2.19
version/tor project tor/0.2.0.30
version/tor project tor/0.2.0.31
version/tor project tor/0.2.0.32
version/tor project tor/0.2.0.33
version/tor project tor/0.2.0.34
version/tor project tor/0.2.0.35
version/tor project tor/0.2.2.18
version/tor project tor/0.2.2.19
version/tor project tor/0.2.2.20
version/tor project tor/0.2.2.21
version/tor project tor/0.2.2.22
version/tor project tor/0.2.2.23
version/tor project tor/0.2.2.24
version/tor project tor/0.2.2.25
version/tor project tor/0.2.2.26
version/tor project tor/0.2.2.27
version/tor project tor/0.2.2.28
version/tor project tor/0.2.2.29
version/tor project tor/0.2.2.30
version/tor project tor/0.2.2.31
version/tor project tor/0.2.2.32
version/tor project tor/0.2.2.33
version/tor project tor/0.2.2.34
version/tor project tor/0.2.2.35
version/tor project tor/0.2.2.36
version/tor project tor/0.2.2.37
version/tor project tor/0.2.3
version/tor project tor/0.2.3.13-alpha
version/tor project tor/0.2.3.14-alpha
version/tor project tor/0.2.3.15-alpha
version/tor project tor/0.2.3.16-alpha
version/tor project tor/0.2.3.17-beta
version/tor project tor/0.2.3.18-rc
version/tor project tor/0.2.3.19-rc
version/tor project tor/0.2.3.20-rc
version/tor project tor/0.2.3.21-rc