Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha does not properly check the amount of compression in zlib-compressed data, which allows remote attackers to cause a denial of service via a large compression factor.
Max CVSS
5.0
Published
2011-01-19
Updated
2011-07-19
EPSS
29.84%
Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha does not properly manage key data in memory, which might allow local users to obtain sensitive information by leveraging the ability to read memory that was previously used by a different process.
Max CVSS
2.1
Published
2011-01-19
Updated
2011-01-22
EPSS
0.04%
Heap-based buffer overflow in Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors.
Max CVSS
6.8
Published
2011-01-19
Updated
2017-08-17
EPSS
4.93%
Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha makes calls to Libevent within Libevent log handlers, which might allow remote attackers to cause a denial of service (daemon crash) via vectors that trigger certain log messages.
Max CVSS
5.0
Published
2011-01-19
Updated
2017-08-17
EPSS
2.09%
The tor_realloc function in Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha does not validate a certain size value during memory allocation, which might allow remote attackers to cause a denial of service (daemon crash) via unspecified vectors, related to "underflow errors."
Max CVSS
5.0
Published
2011-01-19
Updated
2017-08-17
EPSS
2.28%
Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha allows remote attackers to cause a denial of service (assertion failure and daemon exit) via blobs that trigger a certain file size, as demonstrated by the cached-descriptors.new file.
Max CVSS
5.0
Published
2011-01-19
Updated
2017-08-17
EPSS
2.09%
Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha might allow remote attackers to cause a denial of service (assertion failure and daemon exit) via vectors related to malformed router caches and improper handling of integer values.
Max CVSS
5.0
Published
2011-01-19
Updated
2017-08-17
EPSS
2.18%
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!