Skip to main content

Tor Multiple Vulnerabilities

Last Update Date: 30 May 2014 Release Date: 19 Jan 2011 7860 Views

RISK: Medium Risk

TYPE: Attacks - Other

TYPE: Other

Multiple vulnerabilities have been identified in Tor, which could be exploited by attackers to cause a denial of service, gain knowledge of sensitive information or execute arbitrary code.

1. A heap overflow error when processing malformed data, which could be exploited to compromise a vulnerable system.

2. An error when processing zlib-compressed data with a high compression factor, which could be exploited to crash an affected application.

3. Various keys not being properly freed in memory, which could allow attackers to disclose memory contents.


Impact

  • Denial of Service
  • Remote Code Execution
  • Information Disclosure

System / Technologies affected

  • Tor versions prior to 0.2.1.29

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

  • Upgrade to Tor version 0.2.1.29.

Vulnerability Identifier

  • No CVE information is available

Source


Related Link