CVE-2021-34550

Severity CVSS v4.0:
Pending analysis
Type:
CWE-119 Buffer Errors
Publication date:
29/06/2021
Last modified:
20/09/2021

Description

An issue was discovered in Tor before 0.4.6.5, aka TROVE-2021-006. The v3 onion service descriptor parsing allows out-of-bounds memory access, and a client crash, via a crafted onion service descriptor

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:torproject:tor:*:*:*:*:*:*:*:* 0.3.5.15 (excluding)
cpe:2.3:a:torproject:tor:*:*:*:*:*:*:*:* 0.4.0.0 (including) 0.4.4.9 (excluding)
cpe:2.3:a:torproject:tor:*:*:*:*:*:*:*:* 0.4.5.0 (including) 0.4.5.9 (excluding)
cpe:2.3:a:torproject:tor:*:*:*:*:*:*:*:* 0.4.6.0 (including) 0.4.6.5 (excluding)