ALT-PU-2020-1525-1
Closed vulnerabilities
Published: 2020-03-23
BDU:2020-01963
Уязвимость браузера Tor, связанная с неконтролируемым расходом ресурса, позволяющая нарушителю вызвать отказ в обслуживании
Severity: HIGH (7.5)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
Published: 2020-03-23
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2020-10592
Tor before 0.3.5.10, 0.4.x before 0.4.1.9, and 0.4.2.x before 0.4.2.7 allows remote attackers to cause a Denial of Service (CPU consumption), aka TROVE-2020-002.
Severity: HIGH (7.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
Published: 2020-02-02
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2020-8516
The daemon in Tor through 0.4.1.8 and 0.4.2.x through 0.4.2.6 does not verify that a rendezvous node is known before attempting to connect to it, which might make it easier for remote attackers to discover circuit information. NOTE: The network team of Tor claims this is an intended behavior and not a vulnerability
Severity: MEDIUM (5.3)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
References:
- https://lists.torproject.org/pipermail/tor-dev/2020-February/014146.html
- https://lists.torproject.org/pipermail/tor-dev/2020-February/014146.html
- https://lists.torproject.org/pipermail/tor-dev/2020-February/014147.html
- https://lists.torproject.org/pipermail/tor-dev/2020-February/014147.html
- https://security-tracker.debian.org/tracker/CVE-2020-8516
- https://security-tracker.debian.org/tracker/CVE-2020-8516
- https://trac.torproject.org/projects/tor/ticket/33129
- https://trac.torproject.org/projects/tor/ticket/33129
- https://www.hackerfactor.com/blog/index.php?/archives/868-Deanonymizing-Tor-Circuits.html
- https://www.hackerfactor.com/blog/index.php?/archives/868-Deanonymizing-Tor-Circuits.html