Opened 2 years ago

Closed 2 years ago

#25251 closed defect (fixed)

Fix TROVE-2018-004: bad consensus can trigger null pointer crash.

Reported by: nickm Owned by: nickm
Priority: Medium Milestone: Tor: 0.3.3.x-final
Component: Core Tor/Tor Version:
Severity: Normal Keywords: 033-must, 029-backport
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description (last modified by nickm)

When checking their own versions against the subprotocol versions listed in a consensus document, Tor instances could be made to crash if the consensus was incorrectly formatted.

This is a low-severity bug, since it can only be exploited by corrupting a majority of directory authorities. (And any attacker who can do that, can do far worse.)

We're tracking this one as TROVE-2018-004. It was present in and later. It is fixed in,,, and

Child Tickets

Change History (1)

comment:1 Changed 2 years ago by nickm

Description: modified (diff)
Resolution: fixed
Status: assignedclosed
Summary: Fix TROVE-2018-004Fix TROVE-2018-004: bad consensus can trigger null pointer crash.
Note: See TracTickets for help on using tickets.