First published: Mon Mar 23 2020(Updated: )
Tor before 0.3.5.10, 0.4.x before 0.4.1.9, and 0.4.2.x before 0.4.2.7 allows remote attackers to cause a Denial of Service (CPU consumption), aka TROVE-2020-002.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Torproject Tor | >=0.3.5<0.3.5.10 | |
Torproject Tor | >0.4.1.0<0.4.1.9 | |
Torproject Tor | >0.4.2.0<=0.4.2.7 | |
Opensuse Backports | =sle-15-sp1 | |
openSUSE Leap | =15.1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2020-10592 is a vulnerability in Tor before 0.3.5.10, 0.4.x before 0.4.1.9, and 0.4.2.x before 0.4.2.7 that allows remote attackers to cause a Denial of Service (CPU consumption).
Remote attackers can exploit CVE-2020-10592 to cause a Denial of Service by consuming excessive CPU resources.
CVE-2020-10592 has a severity rating of 7.5 (High).
Tor versions before 0.3.5.10, 0.4.x before 0.4.1.9, and 0.4.2.x before 0.4.2.7 are affected by CVE-2020-10592.
To mitigate CVE-2020-10592, it is recommended to update Tor to version 0.3.5.10, 0.4.1.9, or 0.4.2.7.