CVE-2011-2778

Tor < 0.2.2.35 - Remote Code Execution via SOCKS Connection

Title source: llm
STIX 2.1

Description

Multiple heap-based buffer overflows in Tor before 0.2.2.35 allow remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code by (1) establishing a SOCKS connection to SocksPort or (2) leveraging a SOCKS proxy configuration.

References (2)

Core 2
Core References
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2011/dsa-2363

Scores

EPSS 0.0382
EPSS Percentile 88.8%

Details

CWE
CWE-119
Status published
Products (47)
tor/tor 0.0.2
tor/tor 0.0.3
tor/tor 0.0.4
tor/tor 0.0.5
tor/tor 0.0.6
tor/tor 0.0.6.1
tor/tor 0.0.6.2
tor/tor 0.0.7
tor/tor 0.0.7.1
tor/tor 0.0.7.2
... and 37 more
Published Dec 23, 2011
Tracked Since Feb 18, 2026