CVE-2020-15572

Published: Jul 15, 2020Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

Tor before 0.4.3.6 has an out-of-bounds memory access that allows a remote denial-of-service (crash) attack against Tor instances built to use Mozilla Network Security Services (NSS), aka TROVE-2020-001.

Affected (5)

Products: Torproject: Tor

1 product

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Torproject Tor	Before 0.3.5.11
Torproject Tor	After 0.4.2.0 to 0.4.2.8
Torproject Tor	After 0.4.3.0 to 0.4.3.6
Torproject Tor	Version 0.4.4.0 alpha
Torproject Tor	Version 0.4.4.1 alpha

Related CWEs

Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

References (6)

https://blog.torproject.org/new-release-tor-03511-0428-0436-security-fixes

Source: cve@mitre.org

Release NotesVendor Advisory

https://gitlab.torproject.org/tpo/core/tor/-/issues/33119

Source: cve@mitre.org

Vendor Advisory

https://trac.torproject.org/projects/tor/wiki/TROVE

Source: cve@mitre.org

Vendor Advisory

https://blog.torproject.org/new-release-tor-03511-0428-0436-security-fixes

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesVendor Advisory

https://gitlab.torproject.org/tpo/core/tor/-/issues/33119

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://trac.torproject.org/projects/tor/wiki/TROVE

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.