Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
CVE-2012-5573
CVE information
Published
Last Modified
CVSSv2.0 Severity
Impact Analysis
Description
The connection_edge_process_relay_cell function in or/relay.c in Tor before 0.2.3.25 maintains circuits even if an unexpected SENDME cell arrives, which might allow remote attackers to cause a denial of service (memory consumption or excessive cell reception rate) or bypass intended flow-control restrictions via a RELAY_COMMAND_SENDME command..
CVSSv2.0 Score
- Severity
- Medium
- Base Score
- 5/10
- Exploit Score
- 10/10
- Access Vector
- Network
- Access Complexity
- Low
- Authentication Required
- None
- Impact Score
- 2.9/10
- Confidentiality Impact
- None
- Availability Impact
- Partial
- Integrity Impact
- None
Products Affected
CPE | Affected | Vulnerable | Excluding | Edit |
---|---|---|---|---|
cpe:2.3:a:torproject:tor:0.2.0.33:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:torproject:tor:0.1.1.22:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:torproject:tor:0.0.9.4:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:torproject:tor:0.2.2.35:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:torproject:tor:0.2.2.29:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:torproject:tor:0.0.9.1:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:torproject:tor:0.1.1.20:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:torproject:tor:0.0.2:pre14:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:torproject:tor:0.2.0.35:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:torproject:tor:0.2.2.32:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:torproject:tor:0.0.3:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:torproject:tor:0.0.2:pre17:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:torproject:tor:0.1.1.23:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:torproject:tor:0.2.3.23:rc:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:torproject:tor:0.2.2.24:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:torproject:tor:0.2.2.37:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:torproject:tor:0.1.0.14:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:torproject:tor:0.1.2.15:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:torproject:tor:0.2.2.21:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:torproject:tor:0.2.3.13:alpha:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:torproject:tor:0.0.6.1:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:torproject:tor:0.0.8.1:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:torproject:tor:0.1.0.11:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:torproject:tor:0.0.9.6:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:torproject:tor:0.1.2.14:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:torproject:tor:0.0.5:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:torproject:tor:0.2.0.30:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:torproject:tor:0.0.7.1:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:torproject:tor:0.0.9.7:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:torproject:tor:0.2.2.19:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:torproject:tor:0.2.3:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:torproject:tor:0.0.2:pre26:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:torproject:tor:0.1.0.15:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:torproject:tor:0.1.1.24:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:torproject:tor:0.0.6.2:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:torproject:tor:0.2.2.28:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:torproject:tor:0.2.2.23:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:torproject:tor:0.2.3.20:rc:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:torproject:tor:0.1.0.16:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:torproject:tor:0.2.2.18:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:torproject:tor:0.0.6:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:torproject:tor:0.2.2.22:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:torproject:tor:0.2.2.27:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:torproject:tor:0.1.0.17:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:torproject:tor:0.2.2.38:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:torproject:tor:0.0.2:pre24:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:torproject:tor:0.2.3.21:rc:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:torproject:tor:0.0.2:pre21:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:torproject:tor:0.2.3.18:rc:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:torproject:tor:0.1.0.10:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:torproject:tor:0.2.2.34:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:torproject:tor:0.0.7.3:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:torproject:tor:0.0.2:pre19:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:torproject:tor:0.0.2:pre13:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:torproject:tor:0.0.2:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:torproject:tor:0.0.7.2:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:torproject:tor:0.0.2:pre23:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:torproject:tor:0.1.2.16:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:torproject:tor:0.1.1.25:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:torproject:tor:0.0.9.9:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:torproject:tor:0.1.2.17:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:torproject:tor:0.2.0.32:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:torproject:tor:0.2.3.16:alpha:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:torproject:tor:0.0.9.5:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:torproject:tor:0.0.2:pre16:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:torproject:tor:0.2.3.14:alpha:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:torproject:tor:0.2.2.31:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:torproject:tor:0.2.2.36:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:torproject:tor:0.1.1.21:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:torproject:tor:0.2.0.34:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:torproject:tor:0.2.2.30:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:torproject:tor:0.2.3.15:alpha:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:torproject:tor:0.0.7:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:torproject:tor:0.0.2:pre27:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:torproject:tor:0.0.9.3:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:torproject:tor:0.1.0.13:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:torproject:tor:0.0.9.8:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:torproject:tor:0.1.1.26:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:torproject:tor:0.2.2.20:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:torproject:tor:0.0.2:pre20:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:torproject:tor:0.2.2.25:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:torproject:tor:0.0.2:pre25:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:torproject:tor:0.2.2.33:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:torproject:tor:0.1.2.19:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:torproject:tor:0.2.3.22:rc:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:torproject:tor:0.0.2:pre15:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:torproject:tor:0.2.3.17:beta:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:torproject:tor:0.2.0.31:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:torproject:tor:0.1.2.18:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:torproject:tor:0.0.9.2:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:torproject:tor:*:rc:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:torproject:tor:0.2.2.26:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:torproject:tor:0.0.2:pre22:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:torproject:tor:0.1.0.12:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:torproject:tor:0.0.9.10:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:torproject:tor:0.0.4:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:torproject:tor:0.1.2.13:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:torproject:tor:0.2.3.19:rc:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:torproject:tor:0.0.2:pre18:*:*:*:*:*:* |
Yes
|
- | - |
References
- https://bugs.gentoo.org/show_bug.cgi?id=444804
- http://openwall.com/lists/oss-security/2012/11/26/11
- https://bugzilla.redhat.com/show_bug.cgi?id=880310
- https://gitweb.torproject.org/tor.git/blob/release-0.2.3:/ReleaseNotes
- https://trac.torproject.org/projects/tor/ticket/6252
- https://gitweb.torproject.org/arma/tor.git/commitdiff/b9b54568c0bb64c32bd0b362954bdbc8c1
- http://secunia.com/advisories/51329
- http://security.gentoo.org/glsa/glsa-201301-03.xml
- https://exchange.xforce.ibmcloud.com/vulnerabilities/80289