CVE-2018-0491

Name: CVE-2018-0491
Description: A use-after-free issue was discovered in Tor 0.3.2.x before 0.3.2.10. It allows remote attackers to cause a denial of service (relay crash) because the KIST implementation allows a channel to be added more than once in the pending list.
NVD Severity: medium

References

| Type | URI |
|---|---|
| Issue Tracking | https://trac.torproject.org/projects/tor/ticket/25117 |
| Issue Tracking | https://trac.torproject.org/projects/tor/ticket/24700 |
| Vendor Advisory | https://blog.torproject.org/new-stable-tor-releases-security-fixes-and-dos-prevention-03210-03110-02915 |
| Exploit | https://www.exploit-db.com/exploits/44994/ |

Match rules

| CPE URI | Source package | Min version | Max version |
|---|---|---|---|
| cpe:2.3:a:torproject:tor:*:*:*:*:*:*:*:* | tor | >= 0.3.2.0 | < 0.3.2.10 |

Vulnerable and fixed packages

| Source package | Branch | Version | Maintainer | Status |
|---|---|---|---|---|
| tor | edge-community | 0.3.2.10-r0 | None | fixed |
| tor | 3.22-community | 0.3.2.10-r0 | None | fixed |
| tor | 3.21-community | 0.3.2.10-r0 | None | fixed |
| tor | 3.20-community | 0.3.2.10-r0 | None | fixed |
| tor | 3.19-community | 0.3.2.10-r0 | None | fixed |
| tor | 3.18-community | 0.3.2.10-r0 | None | fixed |
| tor | 3.17-community | 0.3.2.10-r0 | None | fixed |