Vulnerability Description
A use-after-free issue was discovered in Tor 0.3.2.x before 0.3.2.10. It allows remote attackers to cause a denial of service (relay crash) because the KIST implementation allows a channel to be added more than once in the pending list.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Torproject | Tor | >= 0.3.2.0, < 0.3.2.10 |
Related Weaknesses (CWE)
References
- https://blog.torproject.org/new-stable-tor-releases-security-fixes-and-dos-preveVendor Advisory
- https://trac.torproject.org/projects/tor/ticket/24700Issue TrackingMitigationVendor Advisory
- https://trac.torproject.org/projects/tor/ticket/25117Issue TrackingPatchVendor Advisory
- https://www.exploit-db.com/exploits/44994/ExploitThird Party AdvisoryVDB Entry
- https://blog.torproject.org/new-stable-tor-releases-security-fixes-and-dos-preveVendor Advisory
- https://trac.torproject.org/projects/tor/ticket/24700Issue TrackingMitigationVendor Advisory
- https://trac.torproject.org/projects/tor/ticket/25117Issue TrackingPatchVendor Advisory
- https://www.exploit-db.com/exploits/44994/ExploitThird Party AdvisoryVDB Entry
FAQ
What is CVE-2018-0491?
CVE-2018-0491 is a vulnerability with a CVSS score of 7.5 (HIGH). A use-after-free issue was discovered in Tor 0.3.2.x before 0.3.2.10. It allows remote attackers to cause a denial of service (relay crash) because the KIST implementation allows a channel to be added...
How severe is CVE-2018-0491?
CVE-2018-0491 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-0491?
Check the references section above for vendor advisories and patch information. Affected products include: Torproject Tor.