Skip to content

GitLab

GitLab is used only for code review, issue tracking and project management. Canonical locations for source code are still https://gitweb.torproject.org/ https://git.torproject.org/ and git-rw.torproject.org.

Closed
Created by Nick Mathewson@nickm🍓Owner

Resolve TROVE-2020-001 (denial-of-service against Tor built with NSS)

TROVE-2020-001 is a denial of service issue that affects Tor users running versions of Tor built with NSS. (Building with NSS is not the default.)

When running an affected version of Tor, either as a relay or a client, Tor will crash under certain circumstances when performing a certificate comparison during our connection handshake. Any party who performs a handshake with a Tor instance can remotely trigger this bug: this means that anybody can crash an affected relay remotely, while affected clients can be crashed by their guards.

The root cause is an out-of-bounds comparison due to an API mismatch -- NSS was telling us a number of bits, but we were expecting it to tell us a number of bytes.

This issue affects all supported versions when they are compiled with NSS. A fix will appear in today's releases (0.3.5.11, 0.4.2.8, 0.4.3.6, and 0.4.4.2-alpha).

This is also tracked as CVE-2020-15572

Edited by Nick Mathewson
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information