[3.7] tor: NULL pointer dereference via a misformatted relay descriptor (CVE-2018-0490)
An issue was discovered in Tor before 0.2.9.15, 0.3.1.x before 0.3.1.10,
and 0.3.2.x before 0.3.2.10. The directory-authority
protocol-list subprotocol implementation allows remote attackers to
cause a denial of service (NULL pointer dereference
and directory-authority crash) via a misformatted relay descriptor that
is mishandled during voting.
Fixed In Version:
tor 0.2.9.15, tor 0.3.1.10, tor 0.3.2.10, tor 0.3.3.3-alpha
References:
https://blog.torproject.org/new-stable-tor-releases-security-fixes-and-dos-prevention-03210-03110-02915
https://trac.torproject.org/projects/tor/ticket/25074
https://nvd.nist.gov/vuln/detail/CVE-2018-0490
Patch:
https://gitweb.torproject.org/tor.git/commit/?id=65f2eec694f18a64291cc85317b9f22dacc1d8e4
(from redmine: issue id 8854, created on 2018-04-30, closed on 2018-05-23)
- Changesets:
  - Revision 53f4e4e2 by Natanael Copa on 2018-05-23T09:57:11Z:
    community/tor: security upgrade to 0.3.1.10 (CVE-2018-0490)
    fixes #8854