CVE-2011-1924

2011-06-1417:55:05

Debian Security Bug Tracker

security-tracker.debian.org

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

EPSS

0.063

Percentile

93.7%

JSON

Buffer overflow in the policy_summarize function in or/policies.c in Tor before 0.2.1.30 allows remote attackers to cause a denial of service (directory authority crash) via a crafted policy that triggers creation of a long port list.

OSVersionArchitecturePackageVersionFilename
Debian12alltor< 0.2.1.30-1tor_0.2.1.30-1_all.deb
Debian11alltor< 0.2.1.30-1tor_0.2.1.30-1_all.deb
Debian999alltor< 0.2.1.30-1tor_0.2.1.30-1_all.deb
Debian13alltor< 0.2.1.30-1tor_0.2.1.30-1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	tor	< 0.2.1.30-1	tor_0.2.1.30-1_all.deb
Debian	11	all	tor	< 0.2.1.30-1	tor_0.2.1.30-1_all.deb
Debian	999	all	tor	< 0.2.1.30-1	tor_0.2.1.30-1_all.deb
Debian	13	all	tor	< 0.2.1.30-1	tor_0.2.1.30-1_all.deb