Opened 7 months ago

Closed 7 months ago

#25251 closed defect (fixed)

Fix TROVE-2018-004: bad consensus can trigger null pointer crash.

Reported by: nickm Owned by: nickm
Priority: Medium Milestone: Tor: 0.3.3.x-final
Component: Core Tor/Tor Version:
Severity: Normal Keywords: 033-must, 029-backport
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description (last modified by nickm)

When checking their own versions against the subprotocol versions listed in a consensus document, Tor instances could be made to crash if the consensus was incorrectly formatted.

This is a low-severity bug, since it can only be exploited by corrupting a majority of directory authorities. (And any attacker who can do that, can do far worse.)

We're tracking this one as TROVE-2018-004. It was present in 0.2.9.4-alpha and later. It is fixed in 0.2.9.15, 0.3.1.10, 0.3.2.10, and 0.3.3.3-alpha.

Child Tickets

Change History (1)

comment:1 Changed 7 months ago by nickm

Description: modified (diff)
Resolution: fixed
Status: assignedclosed
Summary: Fix TROVE-2018-004Fix TROVE-2018-004: bad consensus can trigger null pointer crash.
Note: See TracTickets for help on using tickets.