CVE-2011-2778
Tor < 0.2.2.35 - Remote Code Execution via SOCKS Connection
Title source: llmDescription
Multiple heap-based buffer overflows in Tor before 0.2.2.35 allow remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code by (1) establishing a SOCKS connection to SocksPort or (2) leveraging a SOCKS proxy configuration.
References (2)
Core 2
Core References
Patch, Vendor Advisory x_refsource_confirm
https://blog.torproject.org/blog/tor-02235-released-security-patches
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2011/dsa-2363
Scores
EPSS
0.0382
EPSS Percentile
88.8%
Details
CWE
CWE-119
Status
published
Products (47)
tor/tor
0.0.2
tor/tor
0.0.3
tor/tor
0.0.4
tor/tor
0.0.5
tor/tor
0.0.6
tor/tor
0.0.6.1
tor/tor
0.0.6.2
tor/tor
0.0.7
tor/tor
0.0.7.1
tor/tor
0.0.7.2
... and 37 more
Published
Dec 23, 2011
Tracked Since
Feb 18, 2026