CVE-2016-8860
Published: 4 January 2017
Tor before 0.2.8.9 and 0.2.9.x before 0.2.9.4-alpha had internal functions that were entitled to expect that buf_t data had NUL termination, but the implementation of or/buffers.c did not ensure that NUL termination was present, which allows remote attackers to cause a denial of service (client, hidden service, relay, or authority crash) via crafted data.
From the Ubuntu Security Team
It was discovered that Tor improperly NUL terminated data. An attacker could possibly use this to cause a crash and denial of service.
Priority
Status
Package | Release | Status |
---|---|---|
tor Launchpad, Ubuntu, Debian |
cosmic |
Not vulnerable
(0.2.8.9-1ubuntu1)
|
precise |
Ignored
(end of life)
|
|
trusty |
Released
(0.2.4.27-1ubuntu0.1)
|
|
upstream |
Released
(0.2.8.9-1)
|
|
xenial |
Not vulnerable
(0.2.8.9-1ubuntu1)
|
|
yakkety |
Ignored
(end of life)
|
|
zesty |
Not vulnerable
(0.2.8.9-1ubuntu1)
|
|
artful |
Not vulnerable
(0.2.8.9-1ubuntu1)
|
|
bionic |
Not vulnerable
(0.2.8.9-1ubuntu1)
|
Severity score breakdown
Parameter | Value |
---|---|
Base score | 7.5 |
Attack vector | Network |
Attack complexity | Low |
Privileges required | None |
User interaction | None |
Scope | Unchanged |
Confidentiality | None |
Integrity impact | None |
Availability impact | High |
Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8860
- https://trac.torproject.org/projects/tor/ticket/20384
- https://blog.torproject.org/blog/tor-0289-released-important-fixes
- https://github.com/torproject/tor/commit/3cea86eb2fbb65949673eb4ba8ebb695c87a57ce
- http://www.openwall.com/lists/oss-security/2016/10/18/11
- NVD
- Launchpad
- Debian