First published: Mon Mar 05 2018(Updated: )
A use-after-free issue was discovered in Tor 0.3.2.x before 0.3.2.10. It allows remote attackers to cause a denial of service (relay crash) because the KIST implementation allows a channel to be added more than once in the pending list.
Credit: security@debian.org
Affected Software | Affected Version | How to fix |
---|---|---|
Torproject Tor | >=0.3.2.0<0.3.2.10 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2018-0491 is a use-after-free vulnerability that was discovered in Tor 0.3.2.x before 0.3.2.10.
CVE-2018-0491 allows remote attackers to cause a denial of service (relay crash) in Tor.
CVE-2018-0491 has a severity rating of 7.5 (High).
To fix CVE-2018-0491, users should update to Tor version 0.3.2.10.
You can find more information about CVE-2018-0491 from the Tor Project's blog and ticket pages.