CVE-2016-1254

NONE EPSS 85.7%
Published Dec 5, 2017
Last Modified Jun 17, 2026

Description

Tor before 0.2.8.12 might allow remote attackers to cause a denial of service (client crash) via a crafted hidden service descriptor.

Threat Intelligence

EPSS Exploit Probability
85.7% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer (Memory Safety)

Affected Products 8

Vendor            Product        Version   Range
torproject        tor            *         <0.2.8.12
debian            debian_linux   8.0       any
debian            debian_linux   9.0       any
fedoraproject     fedora         24        any
fedoraproject     fedora         25        any
opensuse          leap           42.2      any
opensuse          opensuse       13.2      any
opensuse_project  leap           42.1      any

References 8

  • lists.opensuse.org http://lists.opensuse.org/opensuse-updates/2016-12/msg00154.html
    Third Party Advisory
  • lists.opensuse.org http://lists.opensuse.org/opensuse-updates/2016-12/msg00155.html
    Third Party Advisory
  • blog.torproject.org https://blog.torproject.org/blog/tor-02812-released
    Vendor Advisory
  • gitweb.torproject.org https://gitweb.torproject.org/tor.git/commit/?id=d978216dea6b21ac38230a59d172139185a68dbd
    Patch, Vendor Advisory
  • lists.fedoraproject.org https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FXOJSMCTIOHLBRYFBVEL3CDLGPZXX6WE/
  • lists.fedoraproject.org https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTU2R253477RZLYAJAR5DAXAON7KIVLA/
  • trac.torproject.org https://trac.torproject.org/projects/tor/ticket/21018
    Issue Tracking, Vendor Advisory
  • debian.org https://www.debian.org/security/2016/dsa-3741
    Third Party Advisory

Remediation

  • gitweb.torproject.org https://gitweb.torproject.org/tor.git/commit/?id=d978216dea6b21ac38230a59d172139185a68dbd
    Patch, Vendor Advisory