Vulnerability Details : CVE-2011-0015
Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha does not properly check the amount of compression in zlib-compressed data, which allows remote attackers to cause a denial of service via a large compression factor.
Vulnerability category: Input validationDenial of service
Products affected by CVE-2011-0015
- cpe:2.3:a:tor:tor:*:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.0.9.1:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.0.9.2:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.0.9.9:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.0.9.5:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.0.9.6:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.0.9.3:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.0.9.4:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.0.9:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.0.9.7:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.0.9.8:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.1.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.1.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.1.0.10:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.1.0.11:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.1.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.1.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.1.0.12:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.1.0.13:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.1.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.1.0.9:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.1.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.1.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.0.2_pre13:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.0.2_pre14:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.0.2_pre22:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.0.2_pre23:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.0.8.1:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.1.0.14:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.1.0.15:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.0.2_pre15:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.0.2_pre16:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.0.2_pre24:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.0.2_pre25:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.0.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.0.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.0.9.10:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.0.2_pre20:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.0.2_pre21:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.0.7.2:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.0.7.3:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.1.0.16:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.1.0.17:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.0.2_pre17:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.0.2_pre18:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.0.2_pre19:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.0.2_pre26:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.0.2_pre27:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.0.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.1.1.14:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.1.1.15:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.1.1.22:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.1.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.1.1.12:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.1.1.13:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.1.1.20:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.1.1.21:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.1.1.8:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.1.1.9:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.1.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.1.1.16:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.1.1.17:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.1.1.18:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.1.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.1.1.5:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.1.1.10:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.1.1.11:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.1.1.19:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.1.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.1.1.6:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.1.1.7:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.1.1.26:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.1.1.23:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.1.2.14:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.1.2.8:beta:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.1.2.7:alpha:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.1.2.10:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.1.2.9:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.1.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.1.2.13:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.1.2.6:alpha:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.1.2.5:alpha:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.1.2.12:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.1.2.11:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.1.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.1.2.5:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.1.2.3:alpha:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.1.2.19:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.1.2.30:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.1.2.15:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.1.2.17:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.1.2.18:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.1.2.16:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.2.0.8:alpha:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.2.0.9:alpha:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.2.0.16:alpha:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.2.0.17:alpha:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.2.0.24:alpha:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.2.0.25:alpha:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.1.1.25:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.2.0.3:alpha:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.2.0.4:alpha:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.2.0.5:alpha:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.2.0.12:alpha:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.2.0.13:alpha:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.2.0.20:alpha:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.2.0.21:alpha:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.2.0.30:alpha:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.2.0.28:alpha:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.2.0.6:alpha:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.2.0.7:alpha:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.2.0.14:alpha:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.2.0.15:alpha:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.2.0.22:alpha:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.2.0.23:alpha:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.2.0.31:alpha:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.1.2.31:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.2.0.1:alpha:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.2.0.2:alpha:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.2.0.10:alpha:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.2.0.11:alpha:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.2.0.18:alpha:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.2.0.19:alpha:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.2.0.26:alpha:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.2.0.27:alpha:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.2.0.29:alpha:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.2.0.32:alpha:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.2.0.35:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.2.0.34:alpha:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.2.0.33:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.2.2.6:alpha:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.2.2.3:alpha:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.2.2.7:alpha:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.2.2.5:alpha:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.2.2.4:alpha:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.2.2.1:alpha:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.2.2.2:alpha:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.2.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.2.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.2.2.5:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.2.2.6:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.2.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.2.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.2.2.11:alpha:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.2.2.12:alpha:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.2.2.19:alpha:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.2.2.13:alpha:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.2.2.14:alpha:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.2.2.9:alpha:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.2.2.10:alpha:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.2.2.17:alpha:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.2.2.18:alpha:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.2.2.8:alpha:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.2.2.15:alpha:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.2.2.16:alpha:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.2.1.11:alpha:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.2.1.12:alpha:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.2.1.17:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.2.1.19:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.2.1.20:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.2.1.25:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.2.1.27:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.2.1.8:alpha:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.1.1.8:alpha:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.1.1.5:alpha:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.2.1.13:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.2.1.14:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.2.1.15:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.2.1.16:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.2.1.3:alpha:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.2.1.4:alpha:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.2.1.5:alpha:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.2.1.6:alpha:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.1.1.2:alpha:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.1.1.1:alpha:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.1.1.10:alpha:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.2.2.20:alpha:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.2.1.1:alpha:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.2.1.21:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.2.1.22:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.2.1.23:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.2.1.24:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.2.0.31:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.2.0.30:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.2.0.29:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.1.2.1:alpha-cvs:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.1.1.7:alpha:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.1.1.6:alpha:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.1.1.9:alpha:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.2.1.10:alpha:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.2.1.12:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.2.1.18:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.2.1.2:alpha:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.2.1.26:*:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.2.1.7:alpha:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.2.1.9:alpha:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.1.1.3:alpha:*:*:*:*:*:*
- cpe:2.3:a:tor:tor:0.1.1.4:alpha:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2011-0015
30.59%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 97 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2011-0015
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
10.0
|
2.9
|
NIST |
CWE ids for CVE-2011-0015
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
References for CVE-2011-0015
-
https://gitweb.torproject.org/tor.git/blob/refs/heads/release-0.2.2:/ChangeLog
Patch
-
http://www.vupen.com/english/advisories/2011/0131
Webmail | OVH- OVHVendor Advisory
-
http://www.vupen.com/english/advisories/2011/0132
Webmail | OVH- OVHVendor Advisory
-
http://blog.torproject.org/blog/tor-02129-released-security-patches
Tor 0.2.1.29 is released (security patches) | Tor BlogPatch
-
http://www.securitytracker.com/id?1024980
Tor Flaws Let Remote Users Execute Arbitrary Code or Deny Service and Let Local Users Obtain Potentially Sensitive Information - SecurityTracker
-
https://trac.torproject.org/projects/tor/ticket/2324
#2324 (realloc should check SIZE_T_CEILING too?) – Tor Bug Tracker & Wiki
-
http://www.securityfocus.com/bid/45832
Tor Unspecified Buffer Overflow, Denial of Service and Information Disclosure Vulnerabilities
-
http://archives.seul.org/or/announce/Jan-2011/msg00000.html
Tor 0.2.1.29 is released (security patches)Patch
-
http://www.debian.org/security/2011/dsa-2148
Debian -- Security Information -- DSA-2148-1 tor
-
http://www.openwall.com/lists/oss-security/2011/01/18/7
oss-security - Re: CVE request: tor
Jump to