First published: Fri Mar 19 2021
Tor before 0.4.5.7 allows a remote participant in the Tor directory protocol to exhaust CPU resources on a target, aka TROVE-2021-001.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Torproject Tor | <0.3.5.14 | |
Torproject Tor | >=0.4.4.4 <0.4.4.8 | |
Torproject Tor | >=0.4.5.0 <0.4.5.7 | |
Torproject Tor | =0.4.4.0-alpha | |
Torproject Tor | =0.4.4.1-alpha | |
Torproject Tor | =0.4.4.2-alpha | |
Torproject Tor | =0.4.4.3-alpha | |
Fedoraproject Fedora | =33 | |
CVE-2021-28089 is a vulnerability in Tor before version 0.4.5.7 that allows a remote participant in the Tor directory protocol to exhaust CPU resources on a target.
The severity of CVE-2021-28089 is high with a CVSS score of 7.5.
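Per the affected-version table above, CVE-2021-28089 affects Tor versions before 0.3.5.14, versions from 0.4.4.4 up to but not including 0.4.4.8, and versions from 0.4.5.0 up to but not including 0.4.5.7, as well as 0.4.4.0-alpha through 0.4.4.3-alpha.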
A remote participant in the Tor directory protocol can exhaust CPU resources on a target by exploiting the vulnerability in Tor before version 0.4.5.7.
To fix CVE-2021-28089, update Tor to version 0.4.5.7 or later.