CVE-2016-1254
NONE EPSS 85.7%
Published Dec 5, 2017 (8y ago)
Last Modified Jun 17, 2026 (2w ago)
Description
Tor before 0.2.8.12 might allow remote attackers to cause a denial of service (client crash) via a crafted hidden service descriptor.
Threat Intelligence
EPSS Exploit Probability
85.7% percentile
Exploit & Patch Status
No Known Exploit
Patch Available
Weaknesses 1
CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer (Memory Safety)
Affected Products 8
| Vendor | Product | Version | Range |
|---|---|---|---|
| torproject | tor | * | <0.2.8.12 |
| debian | debian_linux | 8.0 | any |
| debian | debian_linux | 9.0 | any |
| fedoraproject | fedora | 24 | any |
| fedoraproject | fedora | 25 | any |
| opensuse | leap | 42.2 | any |
| opensuse | opensuse | 13.2 | any |
| opensuse_project | leap | 42.1 | any |
References 8
- lists.opensuse.org http://lists.opensuse.org/opensuse-updates/2016-12/msg00154.html
- lists.opensuse.org http://lists.opensuse.org/opensuse-updates/2016-12/msg00155.html
- blog.torproject.org https://blog.torproject.org/blog/tor-02812-released
- gitweb.torproject.org https://gitweb.torproject.org/tor.git/commit/?id=d978216dea6b21ac38230a59d172139185a68dbd
- lists.fedoraproject.org https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FXOJSMCTIOHLBRYFBVEL3CDLGPZXX6WE/
- lists.fedoraproject.org https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTU2R253477RZLYAJAR5DAXAON7KIVLA/
- trac.torproject.org https://trac.torproject.org/projects/tor/ticket/21018
- debian.org https://www.debian.org/security/2016/dsa-3741
Remediation
- gitweb.torproject.org https://gitweb.torproject.org/tor.git/commit/?id=d978216dea6b21ac38230a59d172139185a68dbd