The Tor Project / Core / Tor / Issues / #33119 (Closed)

Issue created Jan 31, 2020 by Nick Mathewson (@nickm), Owner

Resolve TROVE-2020-001 (denial-of-service against Tor built with NSS)

TROVE-2020-001 is a denial of service issue that affects Tor users running versions of Tor built with NSS. (Building with NSS is not the default.)

When running an affected version of Tor, either as a relay or a client, Tor will crash under certain circumstances when performing a certificate comparison during our connection handshake. Any party who performs a handshake with a Tor instance can remotely trigger this bug: this means that anybody can crash an affected relay remotely, while affected clients can be crashed by their guards.

The root cause is an out-of-bounds comparison due to an API mismatch: NSS was telling us a number of bits, but we were expecting it to tell us a number of bytes.

This issue affects all supported versions when they are compiled with NSS. A fix will appear in today's releases (0.3.5.11, 0.4.2.8, 0.4.3.6, and 0.4.4.2-alpha).

This is also tracked as CVE-2020-15572.
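The bits-versus-bytes mismatch described above, as an added C illustration that is not Tor's or NSS's code: a hypothetical stand-in API reports a key size in bits, the buggy path feeds that value straight into the byte comparison, and the fixed path converts to bytes first, with a bounds check that turns any oversized length into an error code rather than an out-of-bounds read.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed illustration of the TROVE-2020-001 bug class (not Tor's or NSS's
 * code): a length reported in BITS is used as a BYTE count, an 8x overrun. */
enum cmp_result { CMP_EQUAL = 0, CMP_DIFFERENT = 1, CMP_LENGTH_OOB = -1 };

/* Hypothetical stand-in for an API that reports a key's size in bits. */
unsigned reported_key_size_bits(size_t key_bytes) { return (unsigned)(key_bytes * 8u); }
/* Whole bytes needed to hold `bits` bits (rounds up for a partial byte). */
size_t bits_to_bytes(unsigned bits) { return ((size_t)bits + 7u) / 8u; }

/* Bounds-checked comparison: a length exceeding either buffer is rejected
 * up front, so a unit mismatch surfaces as an error code instead of a crash. */
enum cmp_result compare_keys(const uint8_t *a, size_t a_len,
                             const uint8_t *b, size_t b_len, size_t n)
{
    if (n > a_len || n > b_len)
        return CMP_LENGTH_OOB;
    return memcmp(a, b, n) == 0 ? CMP_EQUAL : CMP_DIFFERENT;
}

/* Bug pattern: the bit count is handed straight to the byte comparison. */
enum cmp_result compare_keys_buggy(const uint8_t *a, size_t a_len,
                                   const uint8_t *b, size_t b_len)
{
    return compare_keys(a, a_len, b, b_len,
                        reported_key_size_bits(a_len)); /* n is 8x too large */
}

/* Fix: convert the reported bit count to bytes before comparing. */
enum cmp_result compare_keys_fixed(const uint8_t *a, size_t a_len,
                                   const uint8_t *b, size_t b_len)
{
    return compare_keys(a, a_len, b, b_len,
                        bits_to_bytes(reported_key_size_bits(a_len)));
}

int main(void)
{
    uint8_t k1[32] = {0}, k2[32] = {0}; /* constructed 256-bit keys */
    k2[31] = 1;
    printf("buggy: %d (length rejected; would have read out of bounds)\n",
           compare_keys_buggy(k1, sizeof k1, k2, sizeof k2));
    printf("fixed: %d (keys differ)\n",
           compare_keys_fixed(k1, sizeof k1, k2, sizeof k2));
    return 0;
}
```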

Edited Jul 09, 2020 by Nick Mathewson