Tor before 0.3.5.10, 0.4.x before 0.4.1.9, and 0.4.2.x before 0.4.2.7 allows remote attackers to cause a Denial of Service (memory leak), aka TROVE-2020-004. This occurs in circpad_setup_machine_on_circ because a circuit-padding machine can be negotiated twice on the same circuit.
References
Link | Resource |
---|---|
http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00045.html | Mailing List Third Party Advisory |
http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00052.html | Mailing List Third Party Advisory |
https://security.gentoo.org/glsa/202003-50 | Third Party Advisory |
https://trac.torproject.org/projects/tor/ticket/33619 | Issue Tracking Third Party Advisory |
Configurations
History
03 Feb 2023, 19:36
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:* cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:* |
|
References | (SUSE) http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00045.html - Mailing List, Third Party Advisory | |
References | (SUSE) http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00052.html - Mailing List, Third Party Advisory | |
References | (GENTOO) https://security.gentoo.org/glsa/202003-50 - Third Party Advisory | |
First Time |
Opensuse
Opensuse leap Opensuse backports Sle |
Information
Published : 2020-03-23 13:15
Updated : 2023-12-10 13:27
NVD link : CVE-2020-10593
Mitre link : CVE-2020-10593
CVE.ORG link : CVE-2020-10593
JSON object : View
Products Affected
opensuse
- backports_sle
- leap
torproject
- tor
CWE
CWE-401
Missing Release of Memory after Effective Lifetime