Published: 04 January 2017
Tor before 0.2.8.9 and 0.2.9.x before 0.2.9.4-alpha had internal functions that were entitled to expect that buf_t data had NUL termination, but the implementation of or/buffers.c did not ensure that NUL termination was present, which allows remote attackers to cause a denial of service (client, hidden service, relay, or authority crash) via crafted data.
From the Ubuntu security team
It was discovered that Tor improperly NUL terminated data. An attacker could possibly use this to cause a crash and denial of service.
CVSS 3 base score: 7.5