CVE-2016-8860
Published: Jan 4, 2017
Modified: Aug 6, 2024
PUBLISHED
Description
Tor before 0.2.8.9 and 0.2.9.x before 0.2.9.4-alpha had internal functions that were entitled to expect that buf_t data had NUL termination, but the implementation of or/buffers.c did not ensure that NUL termination was present, which allows remote attackers to cause a denial of service (client, hidden service, relay, or authority crash) via crafted data.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
| Reference | Tags |
|---|---|
| https://blog.torproject.org/blog/tor-0289-released-important-fixes | x_refsource_CONFIRM |
| GLSA-201612-45 | vendor-advisory, x_refsource_GENTOO |
| [oss-security] 20161019 Re: CVE request for tor | mailing-list, x_refsource_MLIST |
| https://trac.torproject.org/projects/tor/ticket/20384 | x_refsource_CONFIRM |
| 95116 | vdb-entry, x_refsource_BID |
| DSA-3694 | vendor-advisory, x_refsource_DEBIAN |