[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #25117 [Core Tor/Tor]: Resolve TROVE-2018-002: bug 24700 KIST use-after-free can be remotely triggered (was: Resolve TROVE-2018-002)
#25117: Resolve TROVE-2018-002: bug 24700 KIST use-after-free can be remotely
triggered
--------------------------+------------------------------------
Reporter: nickm | Owner: nickm
Type: defect | Status: closed
Priority: High | Milestone: Tor: 0.3.3.x-final
Component: Core Tor/Tor | Version:
Severity: Normal | Resolution: fixed
Keywords: 033-must | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
--------------------------+------------------------------------
Changes (by nickm):
* status: assigned => closed
* resolution: => fixed
Old description:
New description:
The use-after free KIST bug that we fixed as #24700 can, it turns out, be
triggered remotely, causing relays to crash.
This bug only affects relays and bridges, and only if they are running
0.3.2.1-alpha through 0.3.2.9, or 0.3.3.1-alpha. It is fixed in 0.3.2.10
and 0.3.3.2-alpha.
Tracked as TROVE-2018-002 and CVE-2018-0491.
--
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/25117#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs