CVE-2020-15572

2020-07-1517:15:11

Google

osv.dev

6.8 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

70.6%

JSON

Tor before 0.4.3.6 has an out-of-bounds memory access that allows a remote denial-of-service (crash) attack against Tor instances built to use Mozilla Network Security Services (NSS), aka TROVE-2020-001.

CPENameOperatorVersion
toreqtor-0.2.2.5-alpha
toreqtor-0.2.1.9-alpha
toreqtor-0.2.0.11-alpha
toreqtor-0.0.2pre23
toreqdebian-version-0.0.6.2-1
toreqtor-0.1.2.5-alpha
toreqtor-0.3.0.3-alpha
toreqtor-0.4.3.5
toreqtor-0.3.4.2-alpha
toreqdebian-version-0.0.5+0.0.6rc4-1

Name	Operator	Version
tor	eq	tor-0.2.2.5-alpha
tor	eq	tor-0.2.1.9-alpha
tor	eq	tor-0.2.0.11-alpha
tor	eq	tor-0.0.2pre23
tor	eq	debian-version-0.0.6.2-1
tor	eq	tor-0.1.2.5-alpha
tor	eq	tor-0.3.0.3-alpha
tor	eq	tor-0.4.3.5
tor	eq	tor-0.3.4.2-alpha
tor	eq	debian-version-0.0.5+0.0.6rc4-1