|
= TROVE: Tor Registry Of Vulnerabilities and Exposures =
|
|
# TROVE: Tor Registry Of Vulnerabilities and Exposures
|
|
|
|
|
|
This page is an experimental registry of Tor software security problems, as we find them. We assign each one a number based on the year, ~~the month,~~ and an index.
|
|
This page is an experimental registry of Tor software security problems, as we find them. We assign each one a number based on the year, ~~the month,~~ and an index.
|
|
|
|
|
|
For more information on the security policy we're using here, see [https://trac.torproject.org/projects/tor/wiki/org/teams/NetworkTeam/SecurityPolicy the network team Security Policy page].
|
|
For more information on the security policy we're using here, see [the network team Security Policy page](https://trac.torproject.org/projects/tor/wiki/org/teams/NetworkTeam/SecurityPolicy).
|
|
|
|
|
|
For high-severity issues not already publicly disclosed or being exploited, we will fix them in all affected releases, all at once, as soon as we can. We will notify the world that such a bug exists in advance of the patch, and we will release the patch once we believe it works.
|
|
For high-severity issues not already publicly disclosed or being exploited, we will fix them in all affected releases, all at once, as soon as we can. We will notify the world that such a bug exists in advance of the patch, and we will release the patch once we believe it works.
|
|
|
|
|
|
||= TROVE ID =||= Ticket =||= Severity =||= Bug In =||= Fix In =||= Synopsis =||= [https://cve.mitre.org/ CVE Id] =||= extra =||
|
|
|= TROVE ID =|= Ticket =|= Severity =|= Bug In =|= Fix In =|= Synopsis =|= [CVE Id](https://cve.mitre.org/) =|= extra =|
|
|
|| TROVE-2016-10-001 || #20384 , #20894 || Medium || 0.2.0.16-alpha || 0.2.4,28, 0.2.5.13, 0.2.6.11 0.2.7.7, 0.2.8.9, 0.2.9.4-alpha || buf_t buffer read beyond end || CVE-2016-8860 || (Debian: [https://security-tracker.debian.org/tracker/CVE-2016-8860 tracker] [https://www.debian.org/security/2016/dsa-3694 DSA-3694] [https://lists.debian.org/debian-lts-announce/2016/10/msg00019.html DLA-663-1])
|
|
|------------|----------|------------|----------|----------|------------|------------------------------------|---------|
|
|
|| TROVE-2016-12-002 || #21018 || Medium || 0.2.0.8-alpha || 0.2.4.28, 0.2.5.13, 0.2.6.11, 0.2.7.7, 0.2.8.12, 0.2.9.8 0.3.0.1-alpha || parse HS descs one byte past end || CVE-2016-1254 || (Debian: [https://security-tracker.debian.org/tracker/CVE-2016-1254 tracker] [https://www.debian.org/security/2016/dsa-3741 DSA-3741] [https://lists.debian.org/debian-lts-announce/2016/12/msg00030.html DLA-754-1]) ||
|
|
| TROVE-2016-10-001 | #20384 , #20894 | Medium | 0.2.0.16-alpha | 0.2.4,28, 0.2.5.13, 0.2.6.11 0.2.7.7, 0.2.8.9, 0.2.9.4-alpha | buf_t buffer read beyond end | CVE-2016-8860 | (Debian: [tracker](https://security-tracker.debian.org/tracker/CVE-2016-8860) [DSA-3694](https://www.debian.org/security/2016/dsa-3694) [DLA-663-1](https://lists.debian.org/debian-lts-announce/2016/10/msg00019.html))
|
|
|| TROVE-2017-001 || #21278 || Medium || 0.0.8pre1 || 0.2.4.28, 0.2.5.13, 0.2.6.11, 0.2.7.7, 0.2.8.13, 0.2.9.10, 0.3.0.4-rc, || Signed integer overflow when comparing versions || || ||
|
|
| TROVE-2016-12-002 | #21018 | Medium | 0.2.0.8-alpha | 0.2.4.28, 0.2.5.13, 0.2.6.11, 0.2.7.7, 0.2.8.12, 0.2.9.8 0.3.0.1-alpha | parse HS descs one byte past end | CVE-2016-1254 | (Debian: [tracker](https://security-tracker.debian.org/tracker/CVE-2016-1254) [DSA-3741](https://www.debian.org/security/2016/dsa-3741) [DLA-754-1](https://lists.debian.org/debian-lts-announce/2016/12/msg00030.html)) |
|
|
|| TROVE-2017-002 || #22253, #22246 || Medium || 0.3.0.1-alpha || 0.3.0.7, 0.3.1.1-alpha || Remotely triggerable assertion failure in relays || || ||
|
|
| TROVE-2017-001 | #21278 | Medium | 0.0.8pre1 | 0.2.4.28, 0.2.5.13, 0.2.6.11, 0.2.7.7, 0.2.8.13, 0.2.9.10, 0.3.0.4-rc, | Signed integer overflow when comparing versions | | |
|
|
|| TROVE-2017-003 || #22268 || Low || 0.2.8.1-alpha || 0.2.8.14, 0.2.9.11, 0.3.0.8, 0.3.1.3-alpha || Impersonation of ~~a single~~ a few fallback directory mirrors || || [https://lists.torproject.org/pipermail/tor-relays/2017-May/012281.html initial post] ||
|
|
| TROVE-2017-002 | #22253, #22246 | Medium | 0.3.0.1-alpha | 0.3.0.7, 0.3.1.1-alpha | Remotely triggerable assertion failure in relays | | |
|
|
|| TROVE-2017-004 || #22493 || High || 0.3.0.1-alpha ||0.3.0.8, 0.3.1.3-alpha || Remote assertion failure against hidden services || CVE-2017-0375 || (Debian: [https://security-tracker.debian.org/tracker/CVE-2017-0375 tracker]) ||
|
|
| TROVE-2017-003 | #22268 | Low | 0.2.8.1-alpha | 0.2.8.14, 0.2.9.11, 0.3.0.8, 0.3.1.3-alpha | Impersonation of ~~a single~~ a few fallback directory mirrors | | [initial post](https://lists.torproject.org/pipermail/tor-relays/2017-May/012281.html) |
|
|
|| TROVE-2017-005 || #22494 || High || 0.2.2.1-alpha || 0.2.4.29, 0.2.5.14, 0.2.6.12, 0.2.7.8, 0.2.8.14, 0.2.9.11 0.3.0.8, 0.3.1.3-alpha || Remote assertion failure against hidden services || CVE-2017-0376 || (Debian: [https://security-tracker.debian.org/tracker/CVE-2017-0376 tracker], [https://bugs.debian.org/864424 #864424] [https://www.debian.org/security/2017/dsa-3877 DSA-3877] [https://lists.debian.org/debian-lts-announce/2017/06/msg00011.html DLA-982-1])) ||
|
|
| TROVE-2017-004 | #22493 | High | 0.3.0.1-alpha |0.3.0.8, 0.3.1.3-alpha | Remote assertion failure against hidden services | CVE-2017-0375 | (Debian: [tracker](https://security-tracker.debian.org/tracker/CVE-2017-0375)) |
|
|
|| TROVE-2017-006 || #22753 || Medium || 0.3.0.1-alpha || 0.3.0.9, 0.3.1.4-alpha || Path selection issue || CVE-2017-0377 || (Debian: [https://security-tracker.debian.org/tracker/CVE-2017-0377 tracker] ) ||
|
|
| TROVE-2017-005 | #22494 | High | 0.2.2.1-alpha | 0.2.4.29, 0.2.5.14, 0.2.6.12, 0.2.7.8, 0.2.8.14, 0.2.9.11 0.3.0.8, 0.3.1.3-alpha | Remote assertion failure against hidden services | CVE-2017-0376 | (Debian: [tracker](https://security-tracker.debian.org/tracker/CVE-2017-0376), [#864424](https://bugs.debian.org/864424) [DSA-3877](https://www.debian.org/security/2017/dsa-3877) [DLA-982-1](https://lists.debian.org/debian-lts-announce/2017/06/msg00011.html))) |
|
|
|| TROVE-2017-007 || #22789 || Medium || 0.2.3.8-alpha || 0.3.0.10, 0.3.1.5-alpha, ''0.2.5.15'', 0.2.8.15, 0.2.9.12 || Remote assertion failure on openbsd || || ||
|
|
| TROVE-2017-006 | #22753 | Medium | 0.3.0.1-alpha | 0.3.0.9, 0.3.1.4-alpha | Path selection issue | CVE-2017-0377 | (Debian: [tracker](https://security-tracker.debian.org/tracker/CVE-2017-0377) ) |
|
|
|| TROVE-2017-008 || #23490 || Medium || 0.2.7.2-alpha || 0.2.8.15, 0.2.9.12, 0.3.0.11, 0.3.1.7 || Stack disclosure in hidden services logs when SafeLogging disabled || CVE-2017-0380 || (Debian: [https://security-tracker.debian.org/tracker/CVE-2017-0380 tracker], [https://bugs.debian.org/876221 #876221]) ||
|
|
| TROVE-2017-007 | #22789 | Medium | 0.2.3.8-alpha | 0.3.0.10, 0.3.1.5-alpha, _0.2.5.15_, 0.2.8.15, 0.2.9.12 | Remote assertion failure on openbsd | | |
|
|
|| TROVE-2017-009 || #24244 || Medium || 0.2.4 and later || 0.2.5.16, 0.2.8.17, 0.2.9.14, 0.3.0.13, 0.3.1.9, 0.3.2.6-alpha || Replay-cache ineffective for v2 onion services. || CVE-2017-8819 || (Debian: [https://security-tracker.debian.org/tracker/CVE-2017-8819 tracker], [https://www.debian.org/security/2017/dsa-4054 DSA-4054] )
|
|
| TROVE-2017-008 | #23490 | Medium | 0.2.7.2-alpha | 0.2.8.15, 0.2.9.12, 0.3.0.11, 0.3.1.7 | Stack disclosure in hidden services logs when SafeLogging disabled | CVE-2017-0380 | (Debian: [tracker](https://security-tracker.debian.org/tracker/CVE-2017-0380), [#876221](https://bugs.debian.org/876221)) |
|
|
|| TROVE-2017-010 || #24245 || Medium || 0.2.9 and later || 0.2.9.14, 0.3.0.13, 0.3.1.9, 0.3.2.6-alpha || Remote DoS attack against directory authorities || CVE-2017-8820 || (Debian: [https://security-tracker.debian.org/tracker/CVE-2017-8820 tracker], [https://www.debian.org/security/2017/dsa-4054 DSA-4054] )
|
|
| TROVE-2017-009 | #24244 | Medium | 0.2.4 and later | 0.2.5.16, 0.2.8.17, 0.2.9.14, 0.3.0.13, 0.3.1.9, 0.3.2.6-alpha | Replay-cache ineffective for v2 onion services. | CVE-2017-8819 | (Debian: [tracker](https://security-tracker.debian.org/tracker/CVE-2017-8819), [DSA-4054](https://www.debian.org/security/2017/dsa-4054) )
|
|
|| TROVE-2017-011 || #24246 || High || all Tor versions || 0.2.5.16, 0.2.8.17, 0.2.9.14, 0.3.0.13, 0.3.1.9, 0.3.2.6-alpha || An attacker can make Tor ask for a password || CVE-2017-8821 || (Debian: [https://security-tracker.debian.org/tracker/CVE-2017-8821 tracker], [https://www.debian.org/security/2017/dsa-4054 DSA-4054] )
|
|
| TROVE-2017-010 | #24245 | Medium | 0.2.9 and later | 0.2.9.14, 0.3.0.13, 0.3.1.9, 0.3.2.6-alpha | Remote DoS attack against directory authorities | CVE-2017-8820 | (Debian: [tracker](https://security-tracker.debian.org/tracker/CVE-2017-8820), [DSA-4054](https://www.debian.org/security/2017/dsa-4054) )
|
|
|| TROVE-2017-012 || #24333 || Medium || 0.2.5 and later || 0.2.5.16, 0.2.8.17, 0.2.9.14, 0.3.0.13, 0.3.1.9, 0.3.2.6-alpha || Relays can pick themselves in a circuit path || CVE-2017-8822 || (Debian: [https://security-tracker.debian.org/tracker/CVE-2017-8822 tracker], [https://www.debian.org/security/2017/dsa-4054 DSA-4054] )
|
|
| TROVE-2017-011 | #24246 | High | all Tor versions | 0.2.5.16, 0.2.8.17, 0.2.9.14, 0.3.0.13, 0.3.1.9, 0.3.2.6-alpha | An attacker can make Tor ask for a password | CVE-2017-8821 | (Debian: [tracker](https://security-tracker.debian.org/tracker/CVE-2017-8821), [DSA-4054](https://www.debian.org/security/2017/dsa-4054) )
|
|
|| TROVE-2017-013 || #24430 || High || 0.2.7 and later || 0.2.8.17, 0.2.9.14, 0.3.0.13, 0.3.1.9, 0.3.2.6-alpha || Use-after-free in onion service v2 || CVE-2017-8823 || (Debian: [https://security-tracker.debian.org/tracker/CVE-2017-8823 tracker], [https://www.debian.org/security/2017/dsa-4054 DSA-4054] )
|
|
| TROVE-2017-012 | #24333 | Medium | 0.2.5 and later | 0.2.5.16, 0.2.8.17, 0.2.9.14, 0.3.0.13, 0.3.1.9, 0.3.2.6-alpha | Relays can pick themselves in a circuit path | CVE-2017-8822 | (Debian: [tracker](https://security-tracker.debian.org/tracker/CVE-2017-8822), [DSA-4054](https://www.debian.org/security/2017/dsa-4054) )
|
|
|| TROVE-2018-001 || #25074 || Medium || 0.2.9.4-alpha || 0.2.9.15, 0.3.1.10, 0.3.2.10, 0.3.3.3-alpha || Remote assertion failure in directory authority protocol handling || CVE-2018-0490 || ||
|
|
| TROVE-2017-013 | #24430 | High | 0.2.7 and later | 0.2.8.17, 0.2.9.14, 0.3.0.13, 0.3.1.9, 0.3.2.6-alpha | Use-after-free in onion service v2 | CVE-2017-8823 | (Debian: [tracker](https://security-tracker.debian.org/tracker/CVE-2017-8823), [DSA-4054](https://www.debian.org/security/2017/dsa-4054) )
|
|
|| TROVE-2018-002 || #25117 || Medium || 0.3.2.1-alpha || 0.3.2.10, 0.3.3.2-alpha || Use-after-free in KIST scheduler || CVE-2018-0491 || ||
|
|
| TROVE-2018-001 | #25074 | Medium | 0.2.9.4-alpha | 0.2.9.15, 0.3.1.10, 0.3.2.10, 0.3.3.3-alpha | Remote assertion failure in directory authority protocol handling | CVE-2018-0490 | |
|
|
|| TROVE-2018-003 || #25250 || Low || 0.3.3.1-alpha || 0.3.3.3-alpha || Infinite loop in rust protover code || n/a || n/a
|
|
| TROVE-2018-002 | #25117 | Medium | 0.3.2.1-alpha | 0.3.2.10, 0.3.3.2-alpha | Use-after-free in KIST scheduler | CVE-2018-0491 | |
|
|
|| TROVE-2018-004 || #25251 || Low || 0.2.9.4-alpha || 0.2.9.15, 0.3.1.10, 0.3.2.10, 0.3.3.3-alpha || Crash on bad protocol information in consensus || n/a || n/a
|
|
| TROVE-2018-003 | #25250 | Low | 0.3.3.1-alpha | 0.3.3.3-alpha | Infinite loop in rust protover code | n/a | n/a
|
|
|| TROVE-2018-005 || #25517 || Medium/Low || 0.2.9.4-alpha || 0.3.3.6, 0.3.4.2-alpha || Memory exhaustion against directory authorities || n/a || n/a
|
|
| TROVE-2018-004 | #25251 | Low | 0.2.9.4-alpha | 0.2.9.15, 0.3.1.10, 0.3.2.10, 0.3.3.3-alpha | Crash on bad protocol information in consensus | n/a | n/a
|
|
|| TROVE-2018-006 || #28630 || n/a || n/a || n/a || false alarm || || ||
|
|
| TROVE-2018-005 | #25517 | Medium/Low | 0.2.9.4-alpha | 0.3.3.6, 0.3.4.2-alpha | Memory exhaustion against directory authorities | n/a | n/a
|
|
|| TROVE-2019-001 || #29168 || Medium || 0.3.2.1-alpha || 0.3.3.12, 0.3.4.11, 0.3.5.8, 0.4.0.2-alpha || Remote memory exhaustion attack due to KIST ignoring outbuf highwater marks || CVE-2019-8955 || ||
|
|
| TROVE-2018-006 | #28630 | n/a | n/a | n/a | false alarm | | |
|
|
|| TROVE-2020-001 || #33119 || Medium || || || || || || ||
|
|
| TROVE-2019-001 | #29168 | Medium | 0.3.2.1-alpha | 0.3.3.12, 0.3.4.11, 0.3.5.8, 0.4.0.2-alpha | Remote memory exhaustion attack due to KIST ignoring outbuf highwater marks | CVE-2019-8955 | |
|
|
|| TROVE-2020-002 || #33120 || High || 0.2.1.5-alpha || 0.3.5.10, 0.4.1.9, 0.4.2.7, 0.4.3.3-alpha || Remote CPU-based denial of service || CVE-2020-10592 || ||
|
|
| TROVE-2020-001 | #33119 | Medium | | | | | | |
|
|
|| TROVE-2020-003 || #33137 || Low || 0.3.3.1-alpha || 0.3.5.10, 0.4.1.9, 0.4.2.7, 0.4.3.3-alpha || Local crash, requires authenticated access to control port || n/a || || || ||
|
|
| TROVE-2020-002 | #33120 | High | 0.2.1.5-alpha | 0.3.5.10, 0.4.1.9, 0.4.2.7, 0.4.3.3-alpha | Remote CPU-based denial of service | CVE-2020-10592 | |
|
|
|| TROVE-2020-004 || #33619 || Medium || 0.4.0.1-alpha || 0.4.1.9, 0.4.2.7, 0.4.3.3-alpha || Remotely triggered memory leak || CVE-2020-10593 || ||
|
|
| TROVE-2020-003 | #33137 | Low | 0.3.3.1-alpha | 0.3.5.10, 0.4.1.9, 0.4.2.7, 0.4.3.3-alpha | Local crash, requires authenticated access to control port | n/a | | | |
|
|
|
|
| TROVE-2020-004 | #33619 | Medium | 0.4.0.1-alpha | 0.4.1.9, 0.4.2.7, 0.4.3.3-alpha | Remotely triggered memory leak | CVE-2020-10593 | |
|
|
|
|
|
|
Remember: please get CVE-Ids for everything of severity Medium or higher. To get a CVE-Id, visit https://cveform.mitre.org/ . |
|
Remember: please get CVE-Ids for everything of severity Medium or higher. To get a CVE-Id, visit https://cveform.mitre.org/ . |
|
|
|
\ No newline at end of file |