FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Tor -- remote denial of service

Affected packages
tor < 0.2.8.9
tor-devel < 0.2.9.4-alpha

Details

VuXML ID c1dc55dc-9556-11e6-b154-3065ec8fd3ec
Discovery 2016-10-17
Entry 2016-10-18

The Tor Blog reports:

Prevent a class of security bugs caused by treating the contents of a buffer chunk as if they were a NUL-terminated string. At least one such bug seems to be present in all currently used versions of Tor, and would allow an attacker to remotely crash most Tor instances, especially those compiled with extra compiler hardening. With this defense in place, such bugs can't crash Tor, though we should still fix them as they occur. Closes ticket 20384 (TROVE-2016-10-001).

References

URL https://blog.torproject.org/blog/tor-0289-released-important-fixes