Vulnerabilities > CVE-2018-0491 - Use After Free vulnerability in Torproject TOR
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
HIGH Summary
A use-after-free issue was discovered in Tor 0.3.2.x before 0.3.2.10. It allows remote attackers to cause a denial of service (relay crash) because the KIST implementation allows a channel to be added more than once in the pending list.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 9 |
Common Weakness Enumeration (CWE)
Exploit-Db
description Tor Browser < 0.3.2.10 - Use After Free (PoC). CVE-2018-0491. Dos exploit for Linux platform id EDB-ID:44994 last seen 2018-07-09 modified 2018-07-09 published 2018-07-09 reporter Exploit-DB source https://www.exploit-db.com/download/44994/ title Tor Browser < 0.3.2.10 - Use After Free (PoC) id EDB-ID:44994
Nessus
NASL family | SuSE Local Security Checks |
NASL id | OPENSUSE-2018-223.NASL |
description | This update for tor to version 0.3.2.10 fixes security issues and bugs. The following vulnerabilities were fixed : - CVE-2018-0490: remote crash vulnerability against directory authorities (boo#1083845, TROVE-2018-001) - CVE-2018-0491: remote relay crash (boo#1083846, TROVE-2018-002) This new upstream stable version also contains a new system for improved resistance to DoS attacks against relays and various other bug fixes. |
last seen | 2020-06-05 |
modified | 2018-03-07 |
plugin id | 107179 |
published | 2018-03-07 |
reporter | This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/107179 |
title | openSUSE Security Update : tor (openSUSE-2018-223) |
code |
|
Packetstorm
data source | https://packetstormsecurity.com/files/download/148454/torbrowser-uaf.txt |
id | PACKETSTORM:148454 |
last seen | 2018-07-10 |
published | 2018-07-09 |
reporter | t4rkd3vilz |
source | https://packetstormsecurity.com/files/148454/Tor-Browser-0.3.2.x-Use-After-Free.html |
title | Tor Browser 0.3.2.x Use-After-Free |
References
- https://blog.torproject.org/new-stable-tor-releases-security-fixes-and-dos-prevention-03210-03110-02915
- https://blog.torproject.org/new-stable-tor-releases-security-fixes-and-dos-prevention-03210-03110-02915
- https://trac.torproject.org/projects/tor/ticket/24700
- https://trac.torproject.org/projects/tor/ticket/24700
- https://trac.torproject.org/projects/tor/ticket/25117
- https://trac.torproject.org/projects/tor/ticket/25117
- https://www.exploit-db.com/exploits/44994/
- https://www.exploit-db.com/exploits/44994/