First published: Mon Mar 23 2020
Tor before 0.3.5.10, 0.4.x before 0.4.1.9, and 0.4.2.x before 0.4.2.7 allows remote attackers to cause a Denial of Service (memory leak), aka TROVE-2020-004. This occurs in circpad_setup_machine_on_circ because a circuit-padding machine can be negotiated twice on the same circuit.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Torproject Tor | >=0.3.5<0.3.5.10 | |
Torproject Tor | >0.4.1.0<0.4.1.9 | |
Torproject Tor | >0.4.2.0<=0.4.2.7 | |
openSUSE Backports SLE | =15.0-sp1 | |
openSUSE Leap | =15.1 | |
The vulnerability ID is CVE-2020-10593.
The severity of CVE-2020-10593 is high with a score of 7.5.
The affected software is Tor versions before 0.3.5.10, 0.4.x before 0.4.1.9, and 0.4.2.x before 0.4.2.7.
This vulnerability allows remote attackers to cause a Denial of Service through a memory leak.
To fix CVE-2020-10593, update Tor to version 0.3.5.10, 0.4.1.9, or 0.4.2.7.
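A version check built from the ranges in the description above, as an added example that is not part of the original advisory or of the Tor project. The function names are hypothetical, the sample strings are constructed, and status tags such as `-alpha` or `-rc` are ignored as a simplification.

```python
import re

# Fixed releases named in the advisory text above, keyed by release series.
FIXED = {(0, 3, 5): (0, 3, 5, 10), (0, 4, 1): (0, 4, 1, 9), (0, 4, 2): (0, 4, 2, 7)}

VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Return the first four-part Tor version in text as a tuple of ints.

    Status tags such as -alpha or -rc are ignored (a simplification made
    for this example).
    """
    m = VERSION_RE.search(text)
    if m is None:
        raise ValueError(f"no Tor version found in {text!r}")
    return tuple(int(part) for part in m.groups())


def is_affected(text):
    """Apply the advisory's three ranges to a version string."""
    v = parse_version(text)
    if v < FIXED[(0, 3, 5)]:
        return True               # "before 0.3.5.10"
    if v[:2] == (0, 4) and v < FIXED[(0, 4, 1)]:
        return True               # "0.4.x before 0.4.1.9" (covers 0.4.0.x)
    if v[:3] == (0, 4, 2) and v < FIXED[(0, 4, 2)]:
        return True               # "0.4.2.x before 0.4.2.7"
    return False


def upgrade_target(text):
    """Return the fixed release for the installed series, or None if no
    fix in that series is listed on this page."""
    fixed = FIXED.get(parse_version(text)[:3])
    return ".".join(map(str, fixed)) if fixed else None


if __name__ == "__main__":
    # Constructed sample strings in the style of `tor --version` output.
    for sample in ("Tor version 0.3.5.9.", "Tor version 0.4.0.5.",
                   "Tor version 0.4.1.9.", "Tor version 0.4.2.6.",
                   "Tor version 0.4.2.7."):
        print(sample, "affected" if is_affected(sample) else "not affected",
              upgrade_target(sample))
```

A `None` from `upgrade_target` on an affected version (for example a 0.4.0.x build) means the page lists no fixed release in that series, so the remedy is to move to one of the listed fixed releases.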