|
|
= TROVE: Tor Registry Of Vulnerabilities and Exposures =
|
|
|
|
|
|
This page is an experimental registry of Tor software security problems, as we find them. We assign each one a number based on the year, ~~the month,~~ and an index.
|
|
|
|
|
|
For more information on the security policy we're using here, see [https://trac.torproject.org/projects/tor/wiki/org/teams/NetworkTeam/SecurityPolicy the network team Security Policy page].
|
|
|
|
|
|
For high-severity issues not already publicly disclosed or being exploited, we will fix them in all affected releases, all at once, as soon as we can. We will notify the world that such a bug exists in advance of the patch, and we will release the patch once we believe it works.
|
|
|
|
|
|
||= TROVE ID =||= Ticket =||= Severity =||= Bug In =||= Fix In =||= Synopsis =||= [https://cve.mitre.org/ CVE Id] =||= extra =||
|
|
|
|| TROVE-2016-10-001 || #20384 , #20894 || Medium || 0.2.0.16-alpha || 0.2.4,28, 0.2.5.13, 0.2.6.11 0.2.7.7, 0.2.8.9, 0.2.9.4-alpha || buf_t buffer read beyond end || CVE-2016-8860 || (Debian: [https://security-tracker.debian.org/tracker/CVE-2016-8860 tracker] [https://www.debian.org/security/2016/dsa-3694 DSA-3694] [https://lists.debian.org/debian-lts-announce/2016/10/msg00019.html DLA-663-1])
|
|
|
|| TROVE-2016-12-002 || #21018 || Medium || 0.2.0.8-alpha || 0.2.4.28, 0.2.5.13, 0.2.6.11, 0.2.7.7, 0.2.8.12, 0.2.9.8 0.3.0.1-alpha || parse HS descs one byte past end || CVE-2016-1254 || (Debian: [https://security-tracker.debian.org/tracker/CVE-2016-1254 tracker] [https://www.debian.org/security/2016/dsa-3741 DSA-3741] [https://lists.debian.org/debian-lts-announce/2016/12/msg00030.html DLA-754-1]) ||
|
|
|
|| TROVE-2017-001 || #21278 || Medium || 0.0.8pre1 || 0.2.4.28, 0.2.5.13, 0.2.6.11, 0.2.7.7, 0.2.8.13, 0.2.9.10, 0.3.0.4-rc, || Signed integer overflow when comparing versions || || ||
|
|
|
|| TROVE-2017-002 || #22253, #22246 || Medium || 0.3.0.1-alpha || 0.3.0.7, 0.3.1.1-alpha || Remotely triggerable assertion failure in relays || || ||
|
|
|
|| TROVE-2017-003 || #22268 || Low || 0.2.8.1-alpha || 0.2.8.14, 0.2.9.11, 0.3.0.8, 0.3.1.3-alpha || Impersonation of ~~a single~~ a few fallback directory mirrors || || [https://lists.torproject.org/pipermail/tor-relays/2017-May/012281.html initial post] ||
|
|
|
|| TROVE-2017-004 || #22493 || High || 0.3.0.1-alpha ||0.3.0.8, 0.3.1.3-alpha || Remote assertion failure against hidden services || CVE-2017-0375 || (Debian: [https://security-tracker.debian.org/tracker/CVE-2017-0375 tracker]) ||
|
|
|
|| TROVE-2017-005 || #22494 || High || 0.2.2.1-alpha || 0.2.4.29, 0.2.5.14, 0.2.6.12, 0.2.7.8, 0.2.8.14, 0.2.9.11 0.3.0.8, 0.3.1.3-alpha || Remote assertion failure against hidden services || CVE-2017-0376 || (Debian: [https://security-tracker.debian.org/tracker/CVE-2017-0376 tracker], [https://bugs.debian.org/864424 #864424] [https://www.debian.org/security/2017/dsa-3877 DSA-3877] [https://lists.debian.org/debian-lts-announce/2017/06/msg00011.html DLA-982-1])) ||
|
|
|
|| TROVE-2017-006 || #22753 || Medium || 0.3.0.1-alpha || 0.3.0.9, 0.3.1.4-alpha || Path selection issue || CVE-2017-0377 || (Debian: [https://security-tracker.debian.org/tracker/CVE-2017-0377 tracker] ) ||
|
|
|
|| TROVE-2017-007 || #22789 || Medium || 0.2.3.8-alpha || 0.3.0.10, 0.3.1.5-alpha, ''0.2.5.15'', 0.2.8.15, 0.2.9.12 || Remote assertion failure on openbsd || || ||
|
|
|
|| TROVE-2017-008 || #23490 || Medium || 0.2.7.2-alpha || 0.2.8.15, 0.2.9.12, 0.3.0.11, 0.3.1.7 || Stack disclosure in hidden services logs when SafeLogging disabled || CVE-2017-0380 || (Debian: [https://security-tracker.debian.org/tracker/CVE-2017-0380 tracker], [https://bugs.debian.org/876221 #876221]) ||
|
|
|
|| TROVE-2017-009 || #24244 || Medium || 0.2.4 and later || 0.2.5.16, 0.2.8.17, 0.2.9.14, 0.3.0.13, 0.3.1.9, 0.3.2.6-alpha || Replay-cache ineffective for v2 onion services. || CVE-2017-8819 || (Debian: [https://security-tracker.debian.org/tracker/CVE-2017-8819 tracker], [https://www.debian.org/security/2017/dsa-4054 DSA-4054] )
|
|
|
|| TROVE-2017-010 || #24245 || Medium || 0.2.9 and later || 0.2.9.14, 0.3.0.13, 0.3.1.9, 0.3.2.6-alpha || Remote DoS attack against directory authorities || CVE-2017-8820 || (Debian: [https://security-tracker.debian.org/tracker/CVE-2017-8820 tracker], [https://www.debian.org/security/2017/dsa-4054 DSA-4054] )
|
|
|
|| TROVE-2017-011 || #24246 || High || all Tor versions || 0.2.5.16, 0.2.8.17, 0.2.9.14, 0.3.0.13, 0.3.1.9, 0.3.2.6-alpha || An attacker can make Tor ask for a password || CVE-2017-8821 || (Debian: [https://security-tracker.debian.org/tracker/CVE-2017-8821 tracker], [https://www.debian.org/security/2017/dsa-4054 DSA-4054] )
|
|
|
|| TROVE-2017-012 || #24333 || Medium || 0.2.5 and later || 0.2.5.16, 0.2.8.17, 0.2.9.14, 0.3.0.13, 0.3.1.9, 0.3.2.6-alpha || Relays can pick themselves in a circuit path || CVE-2017-8822 || (Debian: [https://security-tracker.debian.org/tracker/CVE-2017-8822 tracker], [https://www.debian.org/security/2017/dsa-4054 DSA-4054] )
|
|
|
|| TROVE-2017-013 || #24430 || High || 0.2.7 and later || 0.2.8.17, 0.2.9.14, 0.3.0.13, 0.3.1.9, 0.3.2.6-alpha || Use-after-free in onion service v2 || CVE-2017-8823 || (Debian: [https://security-tracker.debian.org/tracker/CVE-2017-8823 tracker], [https://www.debian.org/security/2017/dsa-4054 DSA-4054] )
|
|
|
|| TROVE-2018-001 || #25074 || Medium || 0.2.9.4-alpha || 0.2.9.15, 0.3.1.10, 0.3.2.10, 0.3.3.3-alpha || Remote assertion failure in directory authority protocol handling || CVE-2018-0490 || ||
|
|
|
|| TROVE-2018-002 || #25117 || Medium || 0.3.2.1-alpha || 0.3.2.10, 0.3.3.2-alpha || Use-after-free in KIST scheduler || CVE-2018-0491 || ||
|
|
|
|| TROVE-2018-003 || #25250 || Low || 0.3.3.1-alpha || 0.3.3.3-alpha || Infinite loop in rust protover code || n/a || n/a
|
|
|
|| TROVE-2018-004 || #25251 || Low || 0.2.9.4-alpha || 0.2.9.15, 0.3.1.10, 0.3.2.10, 0.3.3.3-alpha || Crash on bad protocol information in consensus || n/a || n/a
|
|
|
|| TROVE-2018-005 || #25517 || Medium/Low || 0.2.9.4-alpha || 0.3.3.6, 0.3.4.2-alpha || Memory exhaustion against directory authorities || n/a || n/a
|
|
|
|| TROVE-2018-006 || #28630 || n/a || n/a || n/a || false alarm || || ||
|
|
|
|| TROVE-2019-001 || #29168 || Medium || 0.3.2.1-alpha || 0.3.3.12, 0.3.4.11, 0.3.5.8, 0.4.0.2-alpha || Remote memory exhaustion attack due to KIST ignoring outbuf highwater marks || CVE-2019-8955 || ||
|
|
|
|| TROVE-2020-001 || #33119 || Medium || || || || || || ||
|
|
|
|| TROVE-2020-002 || #33120 || High || 0.2.1.5-alpha || 0.3.5.10, 0.4.1.9, 0.4.2.7, 0.4.3.3-alpha || Remote CPU-based denial of service || CVE-2020-10592 || ||
|
|
|
|| TROVE-2020-003 || #33137 || Low || 0.3.3.1-alpha || 0.3.5.10, 0.4.1.9, 0.4.2.7, 0.4.3.3-alpha || Local crash, requires authenticated access to control port || n/a || || || ||
|
|
|
|| TROVE-2020-004 || #33619 || Medium || 0.4.0.1-alpha || 0.4.1.9, 0.4.2.7, 0.4.3.3-alpha || Remotely triggered memory leak || CVE-2020-10593 || ||
|
|
|
|
|
|
Remember: please get CVE-Ids for everything of severity Medium or higher. To get a CVE-Id, visit https://cveform.mitre.org/ . |
|
|
\ No newline at end of file |