CVE-2017-8820

HIGH

Tor < 0.2.5.16 - NULL Pointer Dereference


Description

In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, remote attackers can cause a denial of service (NULL pointer dereference and application crash) against directory authorities via a malformed descriptor, aka TROVE-2017-010.

References (3)

Core References
Third Party Advisory vendor-advisory x_refsource_debian
https://www.debian.org/security/2017/dsa-4054
Vendor Advisory x_refsource_confirm
https://bugs.torproject.org/24245

Scores

CVSS v3 7.5
EPSS 0.0170
EPSS Percentile 74.4%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE
CWE-476
Status published
Products (4)
debian/debian_linux 8.0
debian/debian_linux 9.0
n/a/Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9
tor_project/tor < 0.2.5.16
Published Dec 03, 2017
Tracked Since Feb 18, 2026