6 matches found
SUSE CVE-2017-8823
In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, there is a use-after-free in onion service v2 during intro-point expiration because the expiring list is mismanaged in certain error cases, aka TROVE-2017-013...
CVE-2017-8823
In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, there is a use-after-free in onion service v2 during intro-point expiration because the expiring list is mismanaged in certain error cases, aka TROVE-2017-013...
FreeBSD : tor -- Use-after-free in onion service v2 (36ef8753-d86f-11e7-ad28-0025908740c2)
The Torproject.org reports : - TROVE-2017-009: Replay-cache ineffective for v2 onion services - TROVE-2017-010: Remote DoS attack against directory authorities - TROVE-2017-011: An attacker can make Tor ask for a password - TROVE-2017-012: Relays can pick themselves in a circuit path -...
Design/Logic Flaw
In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, there is a use-after-free in onion service v2 during intro-point expiration because the expiring list is mismanaged in certain error cases, aka TROVE-2017-013...
CVE-2017-8823
In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, there is a use-after-free in onion service v2 during intro-point expiration because the expiring list is mismanaged in certain error cases, aka TROVE-2017-013...
CVE-2017-8823
CVE-2017-8823 (Tor) : A use-after-free in onion service v2 during intro-point expiration is caused by mismanagement of the expiring list in certain error cases (Tor before 0.3.1.9). Descriptions from Arch Linux ASA-201712-10 indicate this can lead to crashes of v2 onion services when circuits exp...