CVE-2015-2688

HIGH

Tor < 0.2.4.26 - Improper Exception Handling

Title source: rule

Description

buf_pullup in Tor before 0.2.4.26 and 0.2.5.x before 0.2.5.11 does not properly handle unexpected arrival times of buffers with invalid layouts, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via crafted packets.

References (2)

[Mailing List, Vendor Advisory] https://lists.torproject.org/pipermail/tor-talk/2015-March/037281.html

[Patch, Vendor Advisory] https://trac.torproject.org/projects/tor/ticket/15083

Scores

CVSS v3 7.5

EPSS 0.0057

EPSS Percentile 68.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Classification

CWE

CWE-755

Status published

Affected Products (1)

torproject/tor < 0.2.4.26

Timeline

Published Jan 24, 2020

Tracked Since Feb 18, 2026