Lucene search

MitreCVE-2021-28089

HistoryMar 19, 2021 - 5:15 a.m.

CVE-2021-28089

2021-03-1905:15:12

CWE-400

mitre

web.nvd.nist.gov

160

cve-2021-28089

nvd

tor

remote participant

cpu exhaustion

trove-2021-001

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.2

Confidence

High

EPSS

0.002

Percentile

61.1%

JSON

Tor before 0.4.5.7 allows a remote participant in the Tor directory protocol to exhaust CPU resources on a target, aka TROVE-2021-001.

Affected configurations

Nvd

Node

torprojecttorRange<0.3.5.14

torprojecttorRange0.4.4.4–0.4.4.8

torprojecttorRange0.4.5.0–0.4.5.7

torprojecttorMatch0.4.4.0alpha

torprojecttorMatch0.4.4.1alpha

torprojecttorMatch0.4.4.2alpha

torprojecttorMatch0.4.4.3alpha

Node

fedoraprojectfedoraMatch33

VendorProductVersionCPE
torprojecttor*cpe:2.3:a:torproject:tor:*:*:*:*:*:*:*:*
torprojecttor0.4.4.0cpe:2.3:a:torproject:tor:0.4.4.0:alpha:*:*:*:*:*:*
torprojecttor0.4.4.1cpe:2.3:a:torproject:tor:0.4.4.1:alpha:*:*:*:*:*:*
torprojecttor0.4.4.2cpe:2.3:a:torproject:tor:0.4.4.2:alpha:*:*:*:*:*:*
torprojecttor0.4.4.3cpe:2.3:a:torproject:tor:0.4.4.3:alpha:*:*:*:*:*:*
fedoraprojectfedora33cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
torproject	tor	*	cpe:2.3:a:torproject:tor::::::::
torproject	tor	0.4.4.0	cpe:2.3:a:torproject:tor:0.4.4.0:alpha::::::
torproject	tor	0.4.4.1	cpe:2.3:a:torproject:tor:0.4.4.1:alpha::::::
torproject	tor	0.4.4.2	cpe:2.3:a:torproject:tor:0.4.4.2:alpha::::::
torproject	tor	0.4.4.3	cpe:2.3:a:torproject:tor:0.4.4.3:alpha::::::
fedoraproject	fedora	33	cpe:2.3:o:fedoraproject:fedora:33:::::::*