CVE-2019-8955
HIGHTor < 0.3.3.12, 0.3.4.x < 0.3.4.11, 0.3.5.x < 0.3.5.8, 0.4.x < 0.4.0.2-alpha - Remote DoS via KIST Cell Scheduler
Title source: llmDescription
In Tor before 0.3.3.12, 0.3.4.x before 0.3.4.11, 0.3.5.x before 0.3.5.8, and 0.4.x before 0.4.0.2-alpha, remote denial of service against Tor clients and relays can occur via memory exhaustion in the KIST cell scheduler.
References (4)
Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/107136
Vendor Advisory x_refsource_misc
https://trac.torproject.org/projects/tor/ticket/29168
Vendor Advisory x_refsource_misc
https://blog.torproject.org/new-releases-tor-0402-alpha-0358-03411-and-03312
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00013.html
Scores
CVSS v3
7.5
EPSS
0.0457
EPSS Percentile
90.4%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-770
Status
published
Products (18)
torproject/tor
0.3.4.0 alpha-dev
torproject/tor
0.3.4.1 alpha
torproject/tor
0.3.4.2 alpha
torproject/tor
0.3.4.3 alpha
torproject/tor
0.3.4.4 rc
torproject/tor
0.3.4.5 rc
torproject/tor
0.3.4.6 rc
torproject/tor
0.3.4.7 rc
torproject/tor
0.3.5.0 alpha-dev
torproject/tor
0.3.5.1 alpha
... and 8 more
Published
Feb 21, 2019
Tracked Since
Feb 18, 2026