CVE-2011-0491

Tor < 0.2.1.28 - Denial of Service via Memory Allocation Underflow

Title source: llm
STIX 2.1

Description

The tor_realloc function in Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha does not validate a certain size value during memory allocation, which might allow remote attackers to cause a denial of service (daemon crash) via unspecified vectors, related to "underflow errors."

References (6)

Core 6
Core References
Various Sources x_refsource_confirm
https://trac.torproject.org/projects/tor/ticket/2324
Patch, Vendor Advisory x_refsource_confirm
http://blog.torproject.org/blog/tor-02129-released-security-patches
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/64888
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/45953

Scores

EPSS 0.0252
EPSS Percentile 83.0%

Details

CWE
CWE-20
Status published
Products (50)
tor/tor 0.0.2
tor/tor 0.0.2_pre13
tor/tor 0.0.2_pre14
tor/tor 0.0.2_pre15
tor/tor 0.0.2_pre16
tor/tor 0.0.2_pre17
tor/tor 0.0.2_pre18
tor/tor 0.0.2_pre19
tor/tor 0.0.2_pre20
tor/tor 0.0.2_pre21
... and 40 more
Published Jan 19, 2011
Tracked Since Feb 18, 2026