[ASA-202106-50] tor: denial of service
diabonas at archlinux.org
Thu Jun 24 16:20:08 UTC 2021
Arch Linux Security Advisory ASA-202106-50
Date : 2021-06-22
CVE-ID : CVE-2021-34548 CVE-2021-34549 CVE-2021-34550
Package : tor
Type : denial of service
Remote : Yes
Link : https://security.archlinux.org/AVG-2075
The package tor before version 0.4.5.9-1 is vulnerable to denial of
Upgrade to 0.4.5.9-1.
# pacman -Syu "tor>=0.4.5.9-1"
The problems have been fixed upstream in version 0.4.5.9.
- CVE-2021-34548 (denial of service)
A security issue has been found in Tor before version 0.4.5.9. Relays
could spoof RELAY_END or RELAY_RESOLVED cell on half-closed streams
because clients failed to validate which hop sent these cells. This
would allow a relay on a circuit to end a stream that wasn't actually
built with it.
- CVE-2021-34549 (denial of service)
A security issue has been found in Tor before version 0.4.5.9 that
could be exploited for a hashtable-based CPU denial-of-service attack
against relays. Previously a naive unkeyed hash function to look up
circuits in a circuitmux object was used. An attacker could exploit
this to construct circuits with chosen circuit IDs, to create
collisions and make the hash table inefficient. Now a SipHash
construction is used instead.
- CVE-2021-34550 (denial of service)
A security issue has been found in Tor before version 0.4.5.9. An out-
of-bounds memory access in the v3 onion service descriptor parsing
could be exploited by crafting an onion service descriptor that would
crash any client that tried to visit it.
A malicious relay could terminate client connections through crafted
cells, leading to denial of service. A malicious client could cause
denial of service on a relay through high resource usage using crafted
circuit IDs. Lastly, clients could be crashed through crafted onion
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 833 bytes
Desc: not available
More information about the arch-security