Opened 4 months ago

Closed 3 months ago

#25117 closed defect (fixed)

Resolve TROVE-2018-002: bug 24700 KIST use-after-free can be remotely triggered

Reported by: nickm Owned by: nickm
Priority: High Milestone: Tor: 0.3.3.x-final
Component: Core Tor/Tor Version:
Severity: Normal Keywords: 033-must
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description (last modified by nickm)

The use-after free KIST bug that we fixed as #24700 can, it turns out, be triggered remotely, causing relays to crash.

This bug only affects relays and bridges, and only if they are running 0.3.2.1-alpha through 0.3.2.9, or 0.3.3.1-alpha. It is fixed in 0.3.2.10 and 0.3.3.2-alpha.

Tracked as TROVE-2018-002 and CVE-2018-0491.

Child Tickets

Change History (3)

comment:1 Changed 3 months ago by dgoulet

Owner: set to nickm
Status: newassigned

comment:2 Changed 3 months ago by dgoulet

Keywords: 033-must added

Some ticket dgoulet thinks must go in 033.

comment:3 Changed 3 months ago by nickm

Description: modified (diff)
Resolution: fixed
Status: assignedclosed
Summary: Resolve TROVE-2018-002Resolve TROVE-2018-002: bug 24700 KIST use-after-free can be remotely triggered
Note: See TracTickets for help on using tickets.