Tor CVE-2018-0490 Denial of Service Vulnerability

Bugtraq ID:	104481
Class:	Failure to Handle Exceptional Conditions
CVE:	CVE-2018-0490
Remote:	Yes
Local:	No
Published:	Mar 03 2018 12:00AM
Updated:	Mar 03 2018 12:00AM
Credit:	teor
Vulnerable:	Tor Project Tor 0.3.2.9 Tor Project Tor 0.3.2.0 Tor Project Tor 0.3.1.9 Tor Project Tor 0.3.1.7 Tor Project Tor 0.3.1.0 Tor Project Tor 0.2.9.14 Tor Project Tor 0.2.9.12 Tor Project Tor 0.2.9.11 Tor Project Tor 0.2.9.0 Tor Project Tor 0.2.8.9 Tor Project Tor 0.2.8.8 Tor Project Tor 0.2.8.15 Tor Project Tor 0.2.8.14
Not Vulnerable:	Tor Project Tor 0.3.2.10 Tor Project Tor 0.3.1.10 Tor Project Tor 0.2.9.15

Tor CVE-2018-0490 Denial of Service Vulnerability

Tor is prone to a denial-of-service vulnerability.

Attackers may exploit this issue to cause an affected application to crash, resulting in a denial-of-service condition.

Tor prior to 0.2.9.15, 0.3.1.0 through 0.3.1.9, and 0.3.2.0 through 0.3.2.9 are vulnerable.

Tor CVE-2018-0490 Denial of Service Vulnerability

Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Tor CVE-2018-0490 Denial of Service Vulnerability

Solution:
Updates are available. Please see the references or vendor advisory for more information.

Tor CVE-2018-0490 Denial of Service Vulnerability

References:

• Tor Homepage (Tor)
  
• Bug 1553355 CVE-2018-0490 tor: NULL pointer dereference via a misformatted relay (Redhat)
  
• Debian Security Advisory DSA-4183-1 tor -- security update (Debian)
  
• New stable Tor releases, with security fixes and DoS prevention: 0.3.2.10, 0.3.1 (Tor Project)
  
• TROVE-2018-001: null-pointer crash in directory authority protocol list code (Tor)