CVE-2017-8823 : In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.

In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, there is a use-after-free in onion service v2 during intro-point expiration because the expiring list is mismanaged in certain error cases, aka TROVE-2017-013.

Published 2017-12-03 07:29:00

Updated 2017-12-21 18:01:42

Source Debian GNU/Linux

View at NVD, CVE.org

Vulnerability category: Memory Corruption

Products affected by CVE-2017-8823

Debian » Debian Linux » Version: 8.0
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
Matching versions
Debian » Debian Linux » Version: 9.0
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
Matching versions
Tor Project » TOR
Versions before (<) 0.2.5.16
cpe:2.3:a:tor_project:tor:*:*:*:*:*:*:*:*
Matching versions
Tor Project » TOR
Versions from including (>=) 0.3.1 and before (<) 0.3.1.9
cpe:2.3:a:tor_project:tor:*:*:*:*:*:*:*:*
Matching versions
Tor Project » TOR
Versions from including (>=) 0.2.6 and before (<) 0.2.8.17
cpe:2.3:a:tor_project:tor:*:*:*:*:*:*:*:*
Matching versions
Tor Project » TOR
Versions from including (>=) 0.2.9 and before (<) 0.2.9.14
cpe:2.3:a:tor_project:tor:*:*:*:*:*:*:*:*
Matching versions
Tor Project » TOR
Versions from including (>=) 0.3.0 and before (<) 0.3.0.13
cpe:2.3:a:tor_project:tor:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2017-8823

EPSS FAQ

0.56%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 66 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2017-8823

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
6.8	MEDIUM	AV:N/AC:M/Au:N/C:P/I:P/A:P	8.6	6.4	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial
8.1	HIGH	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H	2.2	5.9	NIST
Attack Vector: Network Attack Complexity: High Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2017-8823

CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2017-8823

https://bugs.torproject.org/24313

#24313 (Crash: died: Caught signal 11 [crash from rend_consider_services_intro_points]) – Tor Bug Tracker & Wiki
Issue Tracking;Vendor Advisory
https://blog.torproject.org/new-stable-tor-releases-security-fixes-0319-03013-02914-02817-02516

New stable Tor releases, with security fixes: 0.3.1.9, 0.3.0.13, 0.2.9.14, 0.2.8.17, 0.2.5.16 | Tor Blog
Vendor Advisory

CVEs referencing this url
https://www.debian.org/security/2017/dsa-4054

Debian -- Security Information -- DSA-4054-1 tor
Third Party Advisory

CVEs referencing this url
https://bugs.torproject.org/24430

#24430 (Fix TROVE-2017-013: Use-after-free in onion service v2 when rotating intro points) – Tor Bug Tracker & Wiki
Vendor Advisory

Jump to

Vulnerability Details : CVE-2017-8823

Products affected by CVE-2017-8823

Exploit prediction scoring system (EPSS) score for CVE-2017-8823

CVSS scores for CVE-2017-8823

CWE ids for CVE-2017-8823

References for CVE-2017-8823