Tor: Malicious Conflux Endpoint Can Leave Stale Global OOO Queue Accounting After Teardown

A vulnerability was discovered in Tor's Conflux OOO queue accounting. The vulnerability could cause the global OOO queue byte counter to remain inflated after a Conflux set was torn down, even though the memory had already been freed. This was due to a lack of accounting updates during the teardo...