Tor before 0.4.3.6 has an out-of-bounds memory access that allows a remote denial-of-service (crash) attack against Tor instances built to use Mozilla Network Security Services (NSS), aka TROVE-2020-001.
References
Link | Resource |
---|---|
https://blog.torproject.org/new-release-tor-03511-0428-0436-security-fixes | Release Notes Vendor Advisory |
https://gitlab.torproject.org/tpo/core/tor/-/issues/33119 | Vendor Advisory |
https://trac.torproject.org/projects/tor/wiki/TROVE | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
No history.
Information
Published : 2020-07-15 17:15
Updated : 2024-02-04 21:00
NVD link : CVE-2020-15572
Mitre link : CVE-2020-15572
CVE.ORG link : CVE-2020-15572
JSON object : View
Products Affected
torproject
- tor
CWE
CWE-125
Out-of-bounds Read