
Version 31 (modified by nickm, 2 years ago)


TROVE: Tor Registry Of Vulnerabilities and Exposures

This page is an experimental registry of Tor software security problems, as we find them. We assign each one a number based on the year, the month, and an index.

For more information on the security policy we're using here, see the network team Security Policy page.

| TROVE ID | Ticket | Severity | Versions affected | Synopsis | CVE Id | extra |
|---|---|---|---|---|---|---|
| TROVE-2016-10-001 | #20384, #20894 | Medium | | buf_t buffer read beyond end | CVE-2016-8860 | (Debian: tracker DSA-3694 DLA-663-1) |
| TROVE-2016-12-002 | #21018 | Medium | | parse HS descs one byte past end | CVE-2016-1254 | (Debian: tracker DSA-3741 DLA-754-1) |
| TROVE-2017-001 | #21278 | Medium | | Signed integer overflow when comparing versions | | |
| TROVE-2017-002 | #22253, #22246 | Medium | | Remotely triggerable assertion failure in relays | | |
| TROVE-2017-003 | #22268 | Low | | Impersonation of a single a few fallback directory mirrors | | |
| TROVE-2017-004 | #22493 | High | Introduced in 0.3.0.1-alpha; fixed in 0.3.0.8, 0.3.1.3-alpha | Remote assertion failure | CVE-2017-0375 | (Debian: tracker) |
| TROVE-2017-005 | #22494 | High | Introduced in 0.2.2.1-alpha; fixed in 0.2.4.29, 0.2.5.14, 0.2.6.12, 0.2.7.8, 0.2.8.14, 0.2.9.11, 0.3.0.8, 0.3.1.3-alpha | Remote assertion failure | CVE-2017-0376 | (Debian: tracker) |

Remember: please get CVE-Ids for everything of severity Medium or higher. To get a CVE-Id, email weasel with a short description of the issue.