← Back

CVE-2021-28089

nvd nist
Published: Mar 19, 2021Modified: Nov 21, 2024

JSON object

Loading...
7.5
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 / Impact: 3.6
Source: NVD

Description

Tor before 0.4.5.7 allows a remote participant in the Tor directory protocol to exhaust CPU resources on a target, aka TROVE-2021-001.

Affected (8)

Torproject
1 product
Tor
Fedoraproject
1 product
Fedora
Configuration A
7 vulnerable
Vulnerable SoftwareAffected Versions
Torproject
Tor
Before 0.3.5.14
Tor
From 0.4.4.4 to 0.4.4.8
Tor
From 0.4.5.0 to 0.4.5.7
Tor
Version 0.4.4.0 alpha
Tor
Version 0.4.4.1 alpha
Tor
Version 0.4.4.2 alpha
Tor
Version 0.4.4.3 alpha
Configuration B
1 vulnerable
Vulnerable SoftwareAffected Versions
Fedora
Version 33

Related CWEs

CWE-400
Uncontrolled Resource Consumption
The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

References (8)

Source: cve@mitre.org
Release NotesVendor Advisory
Source: cve@mitre.org
Vendor Advisory
Source: cve@mitre.org
Source: cve@mitre.org
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Release NotesVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory

Timeline

No history available yet.