An issue was discovered in Tor before 0.4.6.5, aka TROVE-2021-006. The v3 onion service descriptor parsing allows out-of-bounds memory access, and a client crash, via a crafted onion service descriptor
References
Link | Resource |
---|---|
https://blog.torproject.org/node/2041 | Release Notes Vendor Advisory |
https://gitlab.torproject.org/tpo/core/tor/-/issues/40392 | Broken Link |
https://security.gentoo.org/glsa/202107-25 | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
20 Sep 2021, 18:53
Type | Values Removed | Values Added |
---|---|---|
References |
|
06 Jul 2021, 13:48
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-119 | |
CVSS |
v2 : v3 : |
v2 : 5.0
v3 : 7.5 |
CPE | cpe:2.3:a:torproject:tor:*:*:*:*:*:*:*:* | |
References | (CONFIRM) https://blog.torproject.org/node/2041 - Release Notes, Vendor Advisory | |
References | (MISC) https://gitlab.torproject.org/tpo/core/tor/-/issues/40392 - Broken Link |
29 Jun 2021, 12:30
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-06-29 12:15
Updated : 2024-02-04 21:47
NVD link : CVE-2021-34550
Mitre link : CVE-2021-34550
CVE.ORG link : CVE-2021-34550
JSON object : View
Products Affected
torproject
- tor
CWE
CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer