Tor before 0.4.5.7 allows a remote participant in the Tor directory protocol to exhaust CPU resources on a target, aka TROVE-2021-001.
References
Link | Resource |
---|---|
https://blog.torproject.org/node/2009 | Release Notes Vendor Advisory |
https://gitlab.torproject.org/tpo/core/tor/-/issues/40304 | Vendor Advisory |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HPDXB2GZHG3VNOTWSXQ3QZVHNV76WCU5/ | |
https://security.gentoo.org/glsa/202107-25 | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
History
07 Nov 2023, 03:32
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
16 May 2022, 21:06
Type | Values Removed | Values Added |
---|---|---|
References |
|
25 Mar 2021, 15:06
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://gitlab.torproject.org/tpo/core/tor/-/issues/40304 - Vendor Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HPDXB2GZHG3VNOTWSXQ3QZVHNV76WCU5/ - Mailing List, Third Party Advisory | |
References | (CONFIRM) https://blog.torproject.org/node/2009 - Release Notes, Vendor Advisory | |
CPE | cpe:2.3:a:torproject:tor:0.4.4.2:alpha:*:*:*:*:*:* cpe:2.3:a:torproject:tor:*:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:* cpe:2.3:a:torproject:tor:0.4.4.1:alpha:*:*:*:*:*:* cpe:2.3:a:torproject:tor:0.4.4.3:alpha:*:*:*:*:*:* cpe:2.3:a:torproject:tor:0.4.4.0:alpha:*:*:*:*:*:* |
|
CWE | CWE-400 | |
CVSS |
v2 : v3 : |
v2 : 5.0
v3 : 7.5 |
24 Mar 2021, 05:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
19 Mar 2021, 05:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-03-19 05:15
Updated : 2023-12-10 13:41
NVD link : CVE-2021-28089
Mitre link : CVE-2021-28089
CVE.ORG link : CVE-2021-28089
JSON object : View
Products Affected
torproject
- tor
fedoraproject
- fedora
CWE
CWE-400
Uncontrolled Resource Consumption