Published: 09 June 2017
The hidden-service feature in Tor before 0.3.0.8 allows a denial of service (assertion failure and daemon exit) in the connection_edge_process_relay_cell function via a BEGIN_DIR cell on a rendezvous circuit.
From the Ubuntu security team
It was discovered that an assertion failure could cause Tor to exit resulting in a denial of service.
CVSS 3 base score: 7.5
introduced in 0.2.2.1-alpha