Version 46 (modified by nickm, 6 months ago)

TROVE: Tor Registry Of Vulnerabilities and Exposures

This page is an experimental registry of Tor software security problems, as we find them. We assign each one a number based on the year, the month, and an index.

For more information on the security policy we're using here, see the network team Security Policy page.

| TROVE ID | Ticket | Severity | Bug In | Fix In | Synopsis | CVE Id | extra |
|---|---|---|---|---|---|---|---|
| TROVE-2016-10-001 | #20384, #20894 | Medium | 0.2.0.16-alpha | 0.2.4.28, 0.2.5.13, 0.2.6.11, 0.2.7.7, 0.2.8.9, 0.2.9.4-alpha | buf_t buffer read beyond end | CVE-2016-8860 | (Debian: tracker DSA-3694 DLA-663-1) |
| TROVE-2016-12-002 | #21018 | Medium | 0.2.0.8-alpha | 0.2.4.28, 0.2.5.13, 0.2.6.11, 0.2.7.7, 0.2.8.12, 0.2.9.8, 0.3.0.1-alpha | parse HS descs one byte past end | CVE-2016-1254 | (Debian: tracker DSA-3741 DLA-754-1) |
| TROVE-2017-001 | #21278 | Medium | 0.0.8pre1 | 0.2.4.28, 0.2.5.13, 0.2.6.11, 0.2.7.7, 0.2.8.13, 0.2.9.10, 0.3.0.4-rc | Signed integer overflow when comparing versions | | |
| TROVE-2017-002 | #22253, #22246 | Medium | 0.3.0.1-alpha | 0.3.0.7, 0.3.1.1-alpha | Remotely triggerable assertion failure in relays | | |
| TROVE-2017-003 | #22268 | Low | 0.2.8.1-alpha | 0.2.8.14, 0.2.9.11, 0.3.0.8, 0.3.1.3-alpha | Impersonation of a few fallback directory mirrors | | initial post |
| TROVE-2017-004 | #22493 | High | 0.3.0.1-alpha | 0.3.0.8, 0.3.1.3-alpha | Remote assertion failure against hidden services | CVE-2017-0375 | (Debian: tracker) |
| TROVE-2017-005 | #22494 | High | 0.2.2.1-alpha | 0.2.4.29, 0.2.5.14, 0.2.6.12, 0.2.7.8, 0.2.8.14, 0.2.9.11, 0.3.0.8, 0.3.1.3-alpha | Remote assertion failure against hidden services | CVE-2017-0376 | (Debian: tracker, #864424 DSA-3877 DLA-982-1) |
| TROVE-2017-006 | #22753 | Medium | 0.3.0.1-alpha | 0.3.0.9, 0.3.1.4-alpha | Path selection issue | CVE-2017-0377 | |
| TROVE-2017-007 | #22789 | Medium | 0.2.3.8-alpha | | Remote assertion failure on OpenBSD | | |

Remember: please get CVE-Ids for everything of severity Medium or higher. To get a CVE-Id, email weasel with a short description of the issue.