Your submission was sent successfully! Close

CVE-2018-0491

Published: 05 March 2018

A use-after-free issue was discovered in Tor 0.3.2.x before 0.3.2.10. It allows remote attackers to cause a denial of service (relay crash) because the KIST implementation allows a channel to be added more than once in the pending list.

Priority

Medium

CVSS 3 base score: 7.5

Status

Package Release Status
tor
Launchpad, Ubuntu, Debian
Upstream
Released (0.3.2.10-1)
Ubuntu 18.04 LTS (Bionic Beaver)
Released (0.3.2.10-1)
Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable
(code not present)
Ubuntu 14.04 ESM (Trusty Tahr) Not vulnerable
(code not present)