OpenCVE

The compare_tor_addr_to_addr_policy function in or/policies.c in Tor before 0.2.2.39, and 0.2.3.x before 0.2.3.21-rc, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a zero-valued port field that is not properly handled during policy comparison.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Torproject	Tor

Configuration 1 [-]

OR	cpe:2.3:a:torproject:tor::::::::
	cpe:2.3:a:torproject:tor:0.0.2:::::::*
	cpe:2.3:a:torproject:tor:0.0.2:pre13::::::
	cpe:2.3:a:torproject:tor:0.0.2:pre14::::::
	cpe:2.3:a:torproject:tor:0.0.2:pre15::::::
	cpe:2.3:a:torproject:tor:0.0.2:pre16::::::
	cpe:2.3:a:torproject:tor:0.0.2:pre17::::::
	cpe:2.3:a:torproject:tor:0.0.2:pre18::::::
	cpe:2.3:a:torproject:tor:0.0.2:pre19::::::
	cpe:2.3:a:torproject:tor:0.0.2:pre20::::::
	cpe:2.3:a:torproject:tor:0.0.2:pre21::::::
	cpe:2.3:a:torproject:tor:0.0.2:pre22::::::
	cpe:2.3:a:torproject:tor:0.0.2:pre23::::::
	cpe:2.3:a:torproject:tor:0.0.2:pre24::::::
	cpe:2.3:a:torproject:tor:0.0.2:pre25::::::
	cpe:2.3:a:torproject:tor:0.0.2:pre26::::::
	cpe:2.3:a:torproject:tor:0.0.2:pre27::::::
	cpe:2.3:a:torproject:tor:0.0.3:::::::*
	cpe:2.3:a:torproject:tor:0.0.4:::::::*
	cpe:2.3:a:torproject:tor:0.0.5:::::::*
	cpe:2.3:a:torproject:tor:0.0.6:::::::*
	cpe:2.3:a:torproject:tor:0.0.6.1:::::::*
	cpe:2.3:a:torproject:tor:0.0.6.2:::::::*
	cpe:2.3:a:torproject:tor:0.0.7:::::::*
	cpe:2.3:a:torproject:tor:0.0.7.1:::::::*
	cpe:2.3:a:torproject:tor:0.0.7.2:::::::*
	cpe:2.3:a:torproject:tor:0.0.7.3:::::::*
	cpe:2.3:a:torproject:tor:0.0.8.1:::::::*
	cpe:2.3:a:torproject:tor:0.0.9.1:::::::*
	cpe:2.3:a:torproject:tor:0.0.9.2:::::::*
	cpe:2.3:a:torproject:tor:0.0.9.3:::::::*
	cpe:2.3:a:torproject:tor:0.0.9.4:::::::*
	cpe:2.3:a:torproject:tor:0.0.9.5:::::::*
	cpe:2.3:a:torproject:tor:0.0.9.6:::::::*
	cpe:2.3:a:torproject:tor:0.0.9.7:::::::*
	cpe:2.3:a:torproject:tor:0.0.9.8:::::::*
	cpe:2.3:a:torproject:tor:0.0.9.9:::::::*
	cpe:2.3:a:torproject:tor:0.0.9.10:::::::*
	cpe:2.3:a:torproject:tor:0.1.0.10:::::::*
	cpe:2.3:a:torproject:tor:0.1.0.11:::::::*
	cpe:2.3:a:torproject:tor:0.1.0.12:::::::*
	cpe:2.3:a:torproject:tor:0.1.0.13:::::::*
	cpe:2.3:a:torproject:tor:0.1.0.14:::::::*
	cpe:2.3:a:torproject:tor:0.1.0.15:::::::*
	cpe:2.3:a:torproject:tor:0.1.0.16:::::::*
	cpe:2.3:a:torproject:tor:0.1.0.17:::::::*
	cpe:2.3:a:torproject:tor:0.1.1.20:::::::*
	cpe:2.3:a:torproject:tor:0.1.1.21:::::::*
	cpe:2.3:a:torproject:tor:0.1.1.22:::::::*
	cpe:2.3:a:torproject:tor:0.1.1.23:::::::*
	cpe:2.3:a:torproject:tor:0.1.1.24:::::::*
	cpe:2.3:a:torproject:tor:0.1.1.25:::::::*
	cpe:2.3:a:torproject:tor:0.1.1.26:::::::*
	cpe:2.3:a:torproject:tor:0.1.2.13:::::::*
	cpe:2.3:a:torproject:tor:0.1.2.14:::::::*
	cpe:2.3:a:torproject:tor:0.1.2.15:::::::*
	cpe:2.3:a:torproject:tor:0.1.2.16:::::::*
	cpe:2.3:a:torproject:tor:0.1.2.17:::::::*
	cpe:2.3:a:torproject:tor:0.1.2.18:::::::*
	cpe:2.3:a:torproject:tor:0.1.2.19:::::::*
	cpe:2.3:a:torproject:tor:0.2.0.30:::::::*
	cpe:2.3:a:torproject:tor:0.2.0.31:::::::*
	cpe:2.3:a:torproject:tor:0.2.0.32:::::::*
	cpe:2.3:a:torproject:tor:0.2.0.33:::::::*
cpe:2.3:a:torproject:tor:0.2.0.34:::::::*
cpe:2.3:a:torproject:tor:0.2.0.35:::::::*
cpe:2.3:a:torproject:tor:0.2.2.18:::::::*
cpe:2.3:a:torproject:tor:0.2.2.19:::::::*
cpe:2.3:a:torproject:tor:0.2.2.20:::::::*
cpe:2.3:a:torproject:tor:0.2.2.21:::::::*
cpe:2.3:a:torproject:tor:0.2.2.22:::::::*
cpe:2.3:a:torproject:tor:0.2.2.23:::::::*
cpe:2.3:a:torproject:tor:0.2.2.24:::::::*
cpe:2.3:a:torproject:tor:0.2.2.25:::::::*
cpe:2.3:a:torproject:tor:0.2.2.26:::::::*
cpe:2.3:a:torproject:tor:0.2.2.27:::::::*
cpe:2.3:a:torproject:tor:0.2.2.28:::::::*
cpe:2.3:a:torproject:tor:0.2.2.29:::::::*
cpe:2.3:a:torproject:tor:0.2.2.30:::::::*
cpe:2.3:a:torproject:tor:0.2.2.31:::::::*
cpe:2.3:a:torproject:tor:0.2.2.32:::::::*
cpe:2.3:a:torproject:tor:0.2.2.33:::::::*
cpe:2.3:a:torproject:tor:0.2.2.34:::::::*
cpe:2.3:a:torproject:tor:0.2.2.35:::::::*
cpe:2.3:a:torproject:tor:0.2.2.36:::::::*
cpe:2.3:a:torproject:tor:0.2.2.37:::::::*
cpe:2.3:a:torproject:tor:0.2.3:::::::*
cpe:2.3:a:torproject:tor:0.2.3.13:alpha::::::
cpe:2.3:a:torproject:tor:0.2.3.14:alpha::::::
cpe:2.3:a:torproject:tor:0.2.3.15:alpha::::::
cpe:2.3:a:torproject:tor:0.2.3.16:alpha::::::
cpe:2.3:a:torproject:tor:0.2.3.17:beta::::::
cpe:2.3:a:torproject:tor:0.2.3.18:rc::::::
cpe:2.3:a:torproject:tor:0.2.3.19:rc::::::
cpe:2.3:a:torproject:tor:0.2.3.20:rc::::::

No data.

References

Link	Providers
http://lists.fedoraproject.org/pipermail/package-announce/2012-September/088006.html
http://lists.opensuse.org/opensuse-updates/2012-10/msg00005.html
http://openwall.com/lists/oss-security/2012/09/13/2
http://secunia.com/advisories/50583
http://security.gentoo.org/glsa/glsa-201301-03.xml
https://gitweb.torproject.org/tor.git/blob/release-0.2.2:/ReleaseNotes
https://gitweb.torproject.org/tor.git/commit/62d96284f7e0f81c40d5df7e53dd7b4dfe7e56a5
https://lists.torproject.org/pipermail/tor-talk/2012-September/025434.html
https://trac.torproject.org/projects/tor/ticket/6690

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2012-09-14T18:00:00

Updated: 2024-08-06T20:35:09.606Z

Reserved: 2012-08-21T00:00:00

Link: CVE-2012-4419

Vulnrichment

No data.

NVD

Status : Modified

Published: 2012-09-14T18:55:04.917

Modified: 2024-11-21T01:42:50.947

Link: CVE-2012-4419

Redhat

No data.

Metrics

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object