Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2012-3518

The networkstatus_parse_vote_from_string function in routerparse.c in Tor before 0.2.2.38 does not properly handle an invalid flavor name, which allows remote attackers to cause a denial of service (out-of-bounds read and daemon crash) via a crafted (1) vote document or (2) consensus document.

Related bugs and status

CVE-2012-3518 (Candidate) is related to these bugs:

Bug #1039560: <tor-0.2.2.38 : Multiple vulnerabilites

		In	Importance	Status
1039560	<tor-0.2.2.38 : Multiple vulnerabilites	tor (Ubuntu)	Undecided	Fix Released
1039560	<tor-0.2.2.38 : Multiple vulnerabilites	Gentoo Linux	Low	Fix Released
1039560	<tor-0.2.2.38 : Multiple vulnerabilites	tor (Ubuntu Precise)	Undecided	Won't Fix
1039560	<tor-0.2.2.38 : Multiple vulnerabilites	tor (Ubuntu Quantal)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

MLIST: [oss-security] 2012082...
MLIST: [tor-announce] 2012081...
CONFIRM: https://gitweb.torproj...
CONFIRM: https://gitweb.torproj...
CONFIRM: https://trac.torprojec...
SUSE: openSUSE-SU-2012:1068
SECUNIA: 50583
GENTOO: GLSA-201301-03