Opened 6 months ago

Closed 5 months ago

#33120 closed defect (fixed)

Resolve TROVE-2020-002

Reported by: nickm Owned by: nickm
Priority: High Milestone: Tor: 0.4.3.x-final
Component: Core Tor/Tor Version:
Severity: Normal Keywords: 043-must 035-backport 041-backport 042-backport
Cc: Actual Points: 3
Parent ID: Points: 1
Reviewer: ahf, asn, catalyst Sponsor:

Description (last modified by nickm)

This is the description I posted in the changelog:

  TROVE-2020-002 is a vulnerability affecting
  all released Tor instances since Using this
  vulnerability, an attacker could cause Tor instances to consume a huge
  amount of CPU, disrupting their operations for several seconds or
  minutes. This attack could be launched by anybody against a relay, or
  by a directory cache against any client that had connected to it. The
  attacker could launch this attack as much as they wanted, thereby
  disrupting service or creating patterns that could aid in traffic
  analysis. This issue was found by OSS-Fuzz, and is also tracked
  as CVE-2020-10592.

I will post a more detailed analysis in a week or so.

This issue is fixed in today's Tor releases:,,, and

Child Tickets

Change History (6)

comment:1 Changed 6 months ago by nickm

Owner: set to nickm
Points: 1
Status: newaccepted

comment:2 Changed 6 months ago by nickm

Priority: MediumHigh

Mark 043-must tickets as high priority

comment:3 Changed 6 months ago by nickm

Status: acceptedneeds_review

This has had an initial review on the security list, but I would like another.

comment:4 Changed 5 months ago by dgoulet

Reviewer: ahf, asn, catalyst

dgoulet reviewed it on the security list.

Adding remaining net team people to do a pass. Then nickm can decide to merge once satisfied with the reviews.

comment:5 Changed 5 months ago by catalyst

I wrote some comments to the security list yesterday.

comment:6 Changed 5 months ago by nickm

Actual Points: 3
Description: modified (diff)
Keywords: 035-backport 041-backport 042-backport added
Resolution: fixed
Status: needs_reviewclosed
Note: See TracTickets for help on using tickets.