7.5
CVE-2018-0490
- EPSS 1.04%
- Veröffentlicht 05.03.2018 15:29:00
- Zuletzt bearbeitet 21.11.2024 03:38:20
- Quelle security@debian.org
- CVE-Watchlists
- Unerledigt
LoginAn issue was discovered in Tor before 0.2.9.15, 0.3.1.x before 0.3.1.10, and 0.3.2.x before 0.3.2.10. The directory-authority protocol-list subprotocol implementation allows remote attackers to cause a denial of service (NULL pointer dereference and directory-authority crash) via a misformatted relay descriptor that is mishandled during voting.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Torproject ≫ Tor Version <= 0.2.9.14
Torproject ≫ Tor Version >= 0.3.1.7 <= 0.3.1.9
Torproject ≫ Tor Version0.3.1.1 Updatealpha
Torproject ≫ Tor Version0.3.1.2 Updatealpha
Torproject ≫ Tor Version0.3.1.3 Updatealpha
Torproject ≫ Tor Version0.3.1.4 Updatealpha
Torproject ≫ Tor Version0.3.1.5 Updatealpha
Torproject ≫ Tor Version0.3.1.6 Updaterc
Torproject ≫ Tor Version0.3.2.1 Updatealpha
Torproject ≫ Tor Version0.3.2.2 Updatealpha
Torproject ≫ Tor Version0.3.2.3 Updatealpha
Torproject ≫ Tor Version0.3.2.4 Updatealpha
Torproject ≫ Tor Version0.3.2.5 Updatealpha
Torproject ≫ Tor Version0.3.2.6 Updatealpha
Torproject ≫ Tor Version0.3.2.7 Updaterc
Torproject ≫ Tor Version0.3.2.8 Updaterc
Torproject ≫ Tor Version0.3.2.9
Debian ≫ Debian Linux Version9.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.04% | 0.767 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:N/I:N/A:P
|
CWE-476 NULL Pointer Dereference
The product dereferences a pointer that it expects to be valid but is NULL.