ALT-PU-2021-1492-1
Closed vulnerabilities
Published: 2021-03-03
BDU:2021-01891
Уязвимость функции dirvote_add_signatures_to_pending_consensus() браузера Tor, связанная с недостатком использования функции assert(), позволяющая нарушителю вызвать отказ в обслуживании
Severity: MEDIUM (5.3)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
References:
Published: 2021-02-10
BDU:2021-01909
Уязвимость функции dump_desc() браузера Tor, позволяющая нарушителю вызвать отказ в обслуживании
Severity: HIGH (7.5)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
Published: 2021-03-19
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2021-28089
Tor before 0.4.5.7 allows a remote participant in the Tor directory protocol to exhaust CPU resources on a target, aka TROVE-2021-001.
Severity: HIGH (7.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
Published: 2021-03-19
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2021-28090
Tor before 0.4.5.7 allows a remote attacker to cause Tor directory authorities to exit with an assertion failure, aka TROVE-2021-002.
Severity: MEDIUM (5.3)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
References:
- https://blog.torproject.org/node/2009
- https://blog.torproject.org/node/2009
- https://bugs.torproject.org/tpo/core/tor/40316
- https://bugs.torproject.org/tpo/core/tor/40316
- https://gitlab.torproject.org/tpo/core/tor/-/issues/40316
- https://gitlab.torproject.org/tpo/core/tor/-/issues/40316
- FEDORA-2021-e68317166d
- FEDORA-2021-e68317166d
- GLSA-202107-25
- GLSA-202107-25