Lucene search

[email protected]CVE-2016-8860

HistoryJan 04, 2017 - 8:59 p.m.

CVE-2016-8860

2017-01-0420:59:00

CWE-119

[email protected]

web.nvd.nist.gov

cve-2016-8860

tor

dos

buffer overflow

nvd

security advisory

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.3 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.049 Low

EPSS

Percentile

92.8%

JSON

Tor before 0.2.8.9 and 0.2.9.x before 0.2.9.4-alpha had internal functions that were entitled to expect that buf_t data had NUL termination, but the implementation of or/buffers.c did not ensure that NUL termination was present, which allows remote attackers to cause a denial of service (client, hidden service, relay, or authority crash) via crafted data.

Affected configurations

NVD

Node

torprojecttorRange≤0.2.8.8

torprojecttorMatch0.2.9.0alpha

torprojecttorMatch0.2.9.1alpha

torprojecttorMatch0.2.9.2alpha

torprojecttorMatch0.2.9.3alpha

CPENameOperatorVersion
torproject:tortorproject torle0.2.8.8
torproject:tortorproject toreq0.2.9.0
torproject:tortorproject toreq0.2.9.1
torproject:tortorproject toreq0.2.9.2
torproject:tortorproject toreq0.2.9.3

CPE	Name	Operator	Version
torproject:tor	torproject tor	le	0.2.8.8
torproject:tor	torproject tor	eq	0.2.9.0
torproject:tor	torproject tor	eq	0.2.9.1
torproject:tor	torproject tor	eq	0.2.9.2
torproject:tor	torproject tor	eq	0.2.9.3