Opened 17 months ago
Closed 16 months ago
#24245 closed defect (fixed)
Fix TROVE-2017-010: Remote DoS attack against directory authorities
| Reported by: | nickm | Owned by: | nickm |
|---|---|---|---|
| Priority: | Medium | Milestone: | Tor: 0.2.9.x-final |
| Component: | Core Tor/Tor | Version: | |
| Severity: | Normal | Keywords: | trove-2017-010 |
| Cc: | Actual Points: | ||
| Parent ID: | Points: | ||
| Reviewer: | Sponsor: |
Description (last modified by )
TROVE-2017-010: Remote DoS attack against directory authorities SEVERITY: Medium ALSO TRACKED AS: CVE-2017-8820 SUMMARY: If an attacker uploads a malformed descriptor to a directory authority, lacking a protocol line and not claiming any particular Tor compatibility, the authority will crash when it tries to vote. THE PROBLEM: An attacker who sends a malformatted descriptor to a directory authority can make that directory authority crash by reading a null pointer. The problematic code was introduced in 0.2.9.4-alpha, with the rest of the subprotocols system. FIX: All directory authorities should upgrade to one of the releases with a fix for this issue: 0.2.9.14, 0.3.0.13, 0.3.1.9, or 0.3.2.6-alpha.
Child Tickets
Change History (2)
comment:1 Changed 17 months ago by
| Owner: | set to nickm |
|---|---|
| Status: | new → accepted |
comment:2 Changed 16 months ago by
| Description: | modified (diff) |
|---|---|
| Milestone: | Tor: 0.3.3.x-final → Tor: 0.2.9.x-final |
| Resolution: | → fixed |
| Status: | accepted → closed |
| Summary: | Fix TROVE-2017-010 → Fix TROVE-2017-010: Remote DoS attack against directory authorities |
Note: See
TracTickets for help on using
tickets.
This issue is fixed in today's security releases.