Denial Of Service (DoS)

2021-06-1920:48:46

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.002 Low

EPSS

Percentile

62.2%

JSON

tor is vulnerable to denial of service. An attacker is able to cause an application crash through a hashtable-based CPU denial-of-service attack against relays. Previously a naive unkeyed hash function to look up circuits in a circuitmux object was used. An attacker could exploit this to construct circuits with chosen circuit IDs, to create collisions and make the hash table inefficient. Now a SipHash construction is used instead.

CPENameOperatorVersion
tor:sideq0.4.4.6-1
tor:sideq0.4.5.6-1
tor:bustereq0.3.5.12-1
tor:bustereq0.3.5.10-1
tor:3.11eq0.4.1.9-r1
tor:3.11eq0.4.1.7-r0
tor:3.11eq0.4.1.9-r0
tor:bullseyeeq0.4.4.6-1
tor:3.12eq0.4.3.8-r0
tor:3.12eq0.4.3.5-r0

Name	Operator	Version
tor:sid	eq	0.4.4.6-1
tor:sid	eq	0.4.5.6-1
tor:buster	eq	0.3.5.12-1
tor:buster	eq	0.3.5.10-1
tor:3.11	eq	0.4.1.9-r1
tor:3.11	eq	0.4.1.7-r0
tor:3.11	eq	0.4.1.9-r0
tor:bullseye	eq	0.4.4.6-1
tor:3.12	eq	0.4.3.8-r0
tor:3.12	eq	0.4.3.5-r0