Heap-based buffer overflow in Tor before 0.2.1.28 and 0.2.2.x before 0.2.2.20-alpha allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via unspecified vectors.
Max CVSS
10.0
EPSS Score
15.84%
Published
2010-12-22
Updated
2011-01-22
Tor before 0.2.0.34 treats incomplete IPv4 addresses as valid, which has unknown impact and attack vectors related to "Spec conformance," as demonstrated using 192.168.0.
Max CVSS
10.0
EPSS Score
0.38%
Published
2009-03-18
Updated
2009-04-18
Unspecified vulnerability in Tor before 0.2.0.33 has unspecified impact and remote attack vectors that trigger heap corruption.
Max CVSS
10.0
EPSS Score
1.55%
Published
2009-02-03
Updated
2011-03-08
Tor before 0.2.0.32 does not properly process the ClientDNSRejectInternalAddresses configuration option in situations where an exit relay issues a policy-based refusal of a stream, which allows remote exit relays to have an unknown impact by mapping an internal IP address to the destination hostname of a refused stream.
Max CVSS
9.3
EPSS Score
0.65%
Published
2008-12-09
Updated
2017-08-08
4 vulnerabilities found