CVE-2017-0376

Published: 09 June 2017

The hidden-service feature in Tor before 0.3.0.8 allows a denial of service (assertion failure and daemon exit) in the connection_edge_process_relay_cell function via a BEGIN_DIR cell on a rendezvous circuit.

From the Ubuntu security team

It was discovered that an assertion failure could cause Tor to exit resulting in a denial of service.

Priority

Medium

CVSS 3 base score: 7.5

Status

Package Release Status
tor
Launchpad, Ubuntu, Debian
Upstream
Released (0.3.0.8, 0.2.9.11)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(0.3.0.8-1)
Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable
(0.2.9.11-1~deb9u1)
Ubuntu 14.04 ESM (Trusty Tahr)
Released (0.2.4.27-1ubuntu0.1)