The Hidden Service (HS) client implementation in Tor before 0.2.4.27, 0.2.5.x before 0.2.5.12, and 0.2.6.x before 0.2.6.7 allows remote servers to cause a denial of service (assertion failure and application exit) via a malformed HS descriptor.
[
{
"product": "Tor",
"vendor": "The Tor Project",
"versions": [
{
"status": "affected",
"version": "before 0.2.4.27"
},
{
"status": "affected",
"version": "0.2.5.x before 0.2.5.12"
},
{
"status": "affected",
"version": "0.2.6.x before 0.2.6.7"
}
]
}
]