... | ... | @@ -15,31 +15,31 @@ release the patch once we believe it works. |
|
|
|
|
|
| TROVE ID | Ticket | Severity | Bug In | Fix In | Synopsis | [CVE Id](https://cve.mitre.org/) | Extra |
|
|
|
|-------------------|-----------------|------------|------------------|----------------------------------------------------------------------------------|------------------------------------------------------------------------------|----------------------------------|-------|
|
|
|
| TROVE-2016-10-001 | #20384 , #20894 | Medium | 0.2.0.16-alpha | 0.2.4,28, 0.2.5.13, 0.2.6.11 0.2.7.7, 0.2.8.9, 0.2.9.4-alpha | `buf_t` buffer read beyond end | CVE-2016-8860 | (Debian: [tracker](https://security-tracker.debian.org/tracker/CVE-2016-8860) [DSA-3694](https://www.debian.org/security/2016/dsa-3694) [DLA-663-1](https://lists.debian.org/debian-lts-announce/2016/10/msg00019.html)) |
|
|
|
| TROVE-2016-12-002 | #21018 | Medium | 0.2.0.8-alpha | 0.2.4.28, 0.2.5.13, 0.2.6.11, 0.2.7.7, 0.2.8.12, 0.2.9.8 0.3.0.1-alpha | parse HS descs one byte past end | CVE-2016-1254 | (Debian: [tracker](https://security-tracker.debian.org/tracker/CVE-2016-1254) [DSA-3741](https://www.debian.org/security/2016/dsa-3741) [DLA-754-1](https://lists.debian.org/debian-lts-announce/2016/12/msg00030.html)) |
|
|
|
| TROVE-2017-001 | #21278 | Medium | 0.0.8pre1 | 0.2.4.28, 0.2.5.13, 0.2.6.11, 0.2.7.7, 0.2.8.13, 0.2.9.10, 0.3.0.4-rc, | Signed integer overflow when comparing versions | | |
|
|
|
| TROVE-2017-002 | #22253, #22246 | Medium | 0.3.0.1-alpha | 0.3.0.7, 0.3.1.1-alpha | Remotely triggerable assertion failure in relays | | |
|
|
|
| TROVE-2017-003 | #22268 | Low | 0.2.8.1-alpha | 0.2.8.14, 0.2.9.11, 0.3.0.8, 0.3.1.3-alpha | Impersonation of ~~a single~~ a few fallback directory mirrors | | [initial post](https://lists.torproject.org/pipermail/tor-relays/2017-May/012281.html) |
|
|
|
| TROVE-2017-004 | #22493 | High | 0.3.0.1-alpha | 0.3.0.8, 0.3.1.3-alpha | Remote assertion failure against hidden services | CVE-2017-0375 | (Debian: [tracker](https://security-tracker.debian.org/tracker/CVE-2017-0375)) |
|
|
|
| TROVE-2017-005 | #22494 | High | 0.2.2.1-alpha | 0.2.4.29, 0.2.5.14, 0.2.6.12, 0.2.7.8, 0.2.8.14, 0.2.9.11 0.3.0.8, 0.3.1.3-alpha | Remote assertion failure against hidden services | CVE-2017-0376 | (Debian: [tracker](https://security-tracker.debian.org/tracker/CVE-2017-0376), [#864424](https://bugs.debian.org/864424) [DSA-3877](https://www.debian.org/security/2017/dsa-3877) [DLA-982-1](https://lists.debian.org/debian-lts-announce/2017/06/msg00011.html))) |
|
|
|
| TROVE-2017-006 | #22753 | Medium | 0.3.0.1-alpha | 0.3.0.9, 0.3.1.4-alpha | Path selection issue | CVE-2017-0377 | (Debian: [tracker](https://security-tracker.debian.org/tracker/CVE-2017-0377) ) |
|
|
|
| TROVE-2017-007 | #22789 | Medium | 0.2.3.8-alpha | 0.3.0.10, 0.3.1.5-alpha, _0.2.5.15_, 0.2.8.15, 0.2.9.12 | Remote assertion failure on openbsd | | |
|
|
|
| TROVE-2017-008 | #23490 | Medium | 0.2.7.2-alpha | 0.2.8.15, 0.2.9.12, 0.3.0.11, 0.3.1.7 | Stack disclosure in hidden services logs when SafeLogging disabled | CVE-2017-0380 | (Debian: [tracker](https://security-tracker.debian.org/tracker/CVE-2017-0380), [#876221](https://bugs.debian.org/876221)) |
|
|
|
| TROVE-2017-009 | #24244 | Medium | 0.2.4 and later | 0.2.5.16, 0.2.8.17, 0.2.9.14, 0.3.0.13, 0.3.1.9, 0.3.2.6-alpha | Replay-cache ineffective for v2 onion services. | CVE-2017-8819 | (Debian: [tracker](https://security-tracker.debian.org/tracker/CVE-2017-8819), [DSA-4054](https://www.debian.org/security/2017/dsa-4054) ) |
|
|
|
| TROVE-2017-010 | #24245 | Medium | 0.2.9 and later | 0.2.9.14, 0.3.0.13, 0.3.1.9, 0.3.2.6-alpha | Remote DoS attack against directory authorities | CVE-2017-8820 | (Debian: [tracker](https://security-tracker.debian.org/tracker/CVE-2017-8820), [DSA-4054](https://www.debian.org/security/2017/dsa-4054) ) |
|
|
|
| TROVE-2017-011 | #24246 | High | all Tor versions | 0.2.5.16, 0.2.8.17, 0.2.9.14, 0.3.0.13, 0.3.1.9, 0.3.2.6-alpha | An attacker can make Tor ask for a password | CVE-2017-8821 | (Debian: [tracker](https://security-tracker.debian.org/tracker/CVE-2017-8821), [DSA-4054](https://www.debian.org/security/2017/dsa-4054) ) |
|
|
|
| TROVE-2017-012 | #24333 | Medium | 0.2.5 and later | 0.2.5.16, 0.2.8.17, 0.2.9.14, 0.3.0.13, 0.3.1.9, 0.3.2.6-alpha | Relays can pick themselves in a circuit path | CVE-2017-8822 | (Debian: [tracker](https://security-tracker.debian.org/tracker/CVE-2017-8822), [DSA-4054](https://www.debian.org/security/2017/dsa-4054) ) |
|
|
|
| TROVE-2017-013 | #24430 | High | 0.2.7 and later | 0.2.8.17, 0.2.9.14, 0.3.0.13, 0.3.1.9, 0.3.2.6-alpha | Use-after-free in onion service v2 | CVE-2017-8823 | (Debian: [tracker](https://security-tracker.debian.org/tracker/CVE-2017-8823), [DSA-4054](https://www.debian.org/security/2017/dsa-4054) ) |
|
|
|
| TROVE-2018-001 | #25074 | Medium | 0.2.9.4-alpha | 0.2.9.15, 0.3.1.10, 0.3.2.10, 0.3.3.3-alpha | Remote assertion failure in directory authority protocol handling | CVE-2018-0490 | |
|
|
|
| TROVE-2018-002 | #25117 | Medium | 0.3.2.1-alpha | 0.3.2.10, 0.3.3.2-alpha | Use-after-free in KIST scheduler | CVE-2018-0491 | |
|
|
|
| TROVE-2018-003 | #25250 | Low | 0.3.3.1-alpha | 0.3.3.3-alpha | Infinite loop in rust protover code | n/a | |
|
|
|
| TROVE-2018-004 | #25251 | Low | 0.2.9.4-alpha | 0.2.9.15, 0.3.1.10, 0.3.2.10, 0.3.3.3-alpha | Crash on bad protocol information in consensus | n/a | |
|
|
|
| TROVE-2018-005 | #25517 | Medium/Low | 0.2.9.4-alpha | 0.3.3.6, 0.3.4.2-alpha | Memory exhaustion against directory authorities | n/a | |
|
|
|
| TROVE-2018-006 | #28630 | n/a | n/a | n/a | false alarm | | |
|
|
|
| TROVE-2019-001 | #29168 | Medium | 0.3.2.1-alpha | 0.3.3.12, 0.3.4.11, 0.3.5.8, 0.4.0.2-alpha | Remote memory exhaustion attack due to KIST ignoring outbuf highwater marks | CVE-2019-8955 | |
|
|
|
| TROVE-2020-001 | #33119 | Medium | 0.3.5.1-alpha | 0.3.5.11, 0.4.2.8, 0.4.3.6, 0.4.4.2-alpha | Remote crash against Tor built with NSS | CVE-2020-15572 | |
|
|
|
| TROVE-2020-002 | #33120 | High | 0.2.1.5-alpha | 0.3.5.10, 0.4.1.9, 0.4.2.7, 0.4.3.3-alpha | Remote CPU-based denial of service | CVE-2020-10592 | |
|
|
|
| TROVE-2020-003 | #33137 | Low | 0.3.3.1-alpha | 0.3.5.10, 0.4.1.9, 0.4.2.7, 0.4.3.3-alpha | Local crash, requires authenticated access to control port | n/a | |
|
|
|
| TROVE-2020-004 | #33619 | Medium | 0.4.0.1-alpha | 0.4.1.9, 0.4.2.7, 0.4.3.3-alpha | Remotely triggered memory leak | CVE-2020-10593 | |
|
|
|
| TROVE-2016-10-001 | tor#20384, tor#20894 | Medium | 0.2.0.16-alpha | 0.2.4,28, 0.2.5.13, 0.2.6.11 0.2.7.7, 0.2.8.9, 0.2.9.4-alpha | `buf_t` buffer read beyond end | CVE-2016-8860 | (Debian: [tracker](https://security-tracker.debian.org/tracker/CVE-2016-8860) [DSA-3694](https://www.debian.org/security/2016/dsa-3694) [DLA-663-1](https://lists.debian.org/debian-lts-announce/2016/10/msg00019.html)) |
|
|
|
| TROVE-2016-12-002 | tor#21018 | Medium | 0.2.0.8-alpha | 0.2.4.28, 0.2.5.13, 0.2.6.11, 0.2.7.7, 0.2.8.12, 0.2.9.8 0.3.0.1-alpha | parse HS descs one byte past end | CVE-2016-1254 | (Debian: [tracker](https://security-tracker.debian.org/tracker/CVE-2016-1254) [DSA-3741](https://www.debian.org/security/2016/dsa-3741) [DLA-754-1](https://lists.debian.org/debian-lts-announce/2016/12/msg00030.html)) |
|
|
|
| TROVE-2017-001 | tor#21278 | Medium | 0.0.8pre1 | 0.2.4.28, 0.2.5.13, 0.2.6.11, 0.2.7.7, 0.2.8.13, 0.2.9.10, 0.3.0.4-rc, | Signed integer overflow when comparing versions | | |
|
|
|
| TROVE-2017-002 | tor#22253, tor#22246 | Medium | 0.3.0.1-alpha | 0.3.0.7, 0.3.1.1-alpha | Remotely triggerable assertion failure in relays | | |
|
|
|
| TROVE-2017-003 | tor#22268 | Low | 0.2.8.1-alpha | 0.2.8.14, 0.2.9.11, 0.3.0.8, 0.3.1.3-alpha | Impersonation of ~~a single~~ a few fallback directory mirrors | | [initial post](https://lists.torproject.org/pipermail/tor-relays/2017-May/012281.html) |
|
|
|
| TROVE-2017-004 | tor#22493 | High | 0.3.0.1-alpha | 0.3.0.8, 0.3.1.3-alpha | Remote assertion failure against hidden services | CVE-2017-0375 | (Debian: [tracker](https://security-tracker.debian.org/tracker/CVE-2017-0375)) |
|
|
|
| TROVE-2017-005 | tor#22494 | High | 0.2.2.1-alpha | 0.2.4.29, 0.2.5.14, 0.2.6.12, 0.2.7.8, 0.2.8.14, 0.2.9.11 0.3.0.8, 0.3.1.3-alpha | Remote assertion failure against hidden services | CVE-2017-0376 | (Debian: [tracker](https://security-tracker.debian.org/tracker/CVE-2017-0376), [#864424](https://bugs.debian.org/864424) [DSA-3877](https://www.debian.org/security/2017/dsa-3877) [DLA-982-1](https://lists.debian.org/debian-lts-announce/2017/06/msg00011.html))) |
|
|
|
| TROVE-2017-006 | tor#22753 | Medium | 0.3.0.1-alpha | 0.3.0.9, 0.3.1.4-alpha | Path selection issue | CVE-2017-0377 | (Debian: [tracker](https://security-tracker.debian.org/tracker/CVE-2017-0377) ) |
|
|
|
| TROVE-2017-007 | tor#22789 | Medium | 0.2.3.8-alpha | 0.3.0.10, 0.3.1.5-alpha, _0.2.5.15_, 0.2.8.15, 0.2.9.12 | Remote assertion failure on openbsd | | |
|
|
|
| TROVE-2017-008 | tor#23490 | Medium | 0.2.7.2-alpha | 0.2.8.15, 0.2.9.12, 0.3.0.11, 0.3.1.7 | Stack disclosure in hidden services logs when SafeLogging disabled | CVE-2017-0380 | (Debian: [tracker](https://security-tracker.debian.org/tracker/CVE-2017-0380), [#876221](https://bugs.debian.org/876221)) |
|
|
|
| TROVE-2017-009 | tor#24244 | Medium | 0.2.4 and later | 0.2.5.16, 0.2.8.17, 0.2.9.14, 0.3.0.13, 0.3.1.9, 0.3.2.6-alpha | Replay-cache ineffective for v2 onion services. | CVE-2017-8819 | (Debian: [tracker](https://security-tracker.debian.org/tracker/CVE-2017-8819), [DSA-4054](https://www.debian.org/security/2017/dsa-4054) ) |
|
|
|
| TROVE-2017-010 | tor#24245 | Medium | 0.2.9 and later | 0.2.9.14, 0.3.0.13, 0.3.1.9, 0.3.2.6-alpha | Remote DoS attack against directory authorities | CVE-2017-8820 | (Debian: [tracker](https://security-tracker.debian.org/tracker/CVE-2017-8820), [DSA-4054](https://www.debian.org/security/2017/dsa-4054) ) |
|
|
|
| TROVE-2017-011 | tor#24246 | High | all Tor versions | 0.2.5.16, 0.2.8.17, 0.2.9.14, 0.3.0.13, 0.3.1.9, 0.3.2.6-alpha | An attacker can make Tor ask for a password | CVE-2017-8821 | (Debian: [tracker](https://security-tracker.debian.org/tracker/CVE-2017-8821), [DSA-4054](https://www.debian.org/security/2017/dsa-4054) ) |
|
|
|
| TROVE-2017-012 | tor#24333 | Medium | 0.2.5 and later | 0.2.5.16, 0.2.8.17, 0.2.9.14, 0.3.0.13, 0.3.1.9, 0.3.2.6-alpha | Relays can pick themselves in a circuit path | CVE-2017-8822 | (Debian: [tracker](https://security-tracker.debian.org/tracker/CVE-2017-8822), [DSA-4054](https://www.debian.org/security/2017/dsa-4054) ) |
|
|
|
| TROVE-2017-013 | tor#24430 | High | 0.2.7 and later | 0.2.8.17, 0.2.9.14, 0.3.0.13, 0.3.1.9, 0.3.2.6-alpha | Use-after-free in onion service v2 | CVE-2017-8823 | (Debian: [tracker](https://security-tracker.debian.org/tracker/CVE-2017-8823), [DSA-4054](https://www.debian.org/security/2017/dsa-4054) ) |
|
|
|
| TROVE-2018-001 | tor#25074 | Medium | 0.2.9.4-alpha | 0.2.9.15, 0.3.1.10, 0.3.2.10, 0.3.3.3-alpha | Remote assertion failure in directory authority protocol handling | CVE-2018-0490 | |
|
|
|
| TROVE-2018-002 | tor#25117 | Medium | 0.3.2.1-alpha | 0.3.2.10, 0.3.3.2-alpha | Use-after-free in KIST scheduler | CVE-2018-0491 | |
|
|
|
| TROVE-2018-003 | tor#25250 | Low | 0.3.3.1-alpha | 0.3.3.3-alpha | Infinite loop in rust protover code | n/a | |
|
|
|
| TROVE-2018-004 | tor#25251 | Low | 0.2.9.4-alpha | 0.2.9.15, 0.3.1.10, 0.3.2.10, 0.3.3.3-alpha | Crash on bad protocol information in consensus | n/a | |
|
|
|
| TROVE-2018-005 | tor#25517 | Medium/Low | 0.2.9.4-alpha | 0.3.3.6, 0.3.4.2-alpha | Memory exhaustion against directory authorities | n/a | |
|
|
|
| TROVE-2018-006 | tor#28630 | n/a | n/a | n/a | false alarm | | |
|
|
|
| TROVE-2019-001 | tor#29168 | Medium | 0.3.2.1-alpha | 0.3.3.12, 0.3.4.11, 0.3.5.8, 0.4.0.2-alpha | Remote memory exhaustion attack due to KIST ignoring outbuf highwater marks | CVE-2019-8955 | |
|
|
|
| TROVE-2020-001 | tor#33119 | Medium | 0.3.5.1-alpha | 0.3.5.11, 0.4.2.8, 0.4.3.6, 0.4.4.2-alpha | Remote crash against Tor built with NSS | CVE-2020-15572 | |
|
|
|
| TROVE-2020-002 | tor#33120 | High | 0.2.1.5-alpha | 0.3.5.10, 0.4.1.9, 0.4.2.7, 0.4.3.3-alpha | Remote CPU-based denial of service | CVE-2020-10592 | |
|
|
|
| TROVE-2020-003 | tor#33137 | Low | 0.3.3.1-alpha | 0.3.5.10, 0.4.1.9, 0.4.2.7, 0.4.3.3-alpha | Local crash, requires authenticated access to control port | n/a | |
|
|
|
| TROVE-2020-004 | tor#33619 | Medium | 0.4.0.1-alpha | 0.4.1.9, 0.4.2.7, 0.4.3.3-alpha | Remotely triggered memory leak | CVE-2020-10593 | |
|
|
|
|
|
|
Remember: please get CVE-Ids for everything of severity Medium or higher. To get a CVE-Id, visit https://cveform.mitre.org/ . |
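Review bot: Every row's Ticket cell is rewritten here (`#20384` becomes `tor#20384`, and so on), but the typos in the neighbouring cells are carried over unchanged and are worth fixing in the same pass. In the Fix In column, TROVE-2016-10-001 still reads `0.2.4,28`, which looks like a comma typed for a dot (the next row has `0.2.4.28`). The comma separator is missing in `0.2.6.11 0.2.7.7` (TROVE-2016-10-001), `0.2.9.8 0.3.0.1-alpha` (TROVE-2016-12-002) and `0.2.9.11 0.3.0.8` (TROVE-2017-005), and TROVE-2017-001 ends with a dangling comma after `0.3.0.4-rc`. The Extra cell of TROVE-2017-005 closes with `)))`, one parenthesis more than it opens. Separately, the closing reminder asks for a CVE Id on everything of severity Medium or higher, yet TROVE-2017-001, TROVE-2017-002 and TROVE-2017-007 are Medium with an empty CVE cell; either fill them in or mark them `n/a` as the 2018 rows do, so an empty cell is not mistaken for a pending request.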