CVE-2016-8860

moderate-risk
Published 2017-01-04

Tor before 0.2.8.9 and 0.2.9.x before 0.2.9.4-alpha had internal functions that were entitled to expect that buf_t data had NUL termination, but the implementation of or/buffers.c did not ensure that NUL termination was present, which allows remote attackers to cause a denial of service (client, hidden service, relay, or authority crash) via crafted data.

Do I need to act?

~
2.7% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.5/10 High
NETWORK / LOW complexity

Affected Products (5)

Tor
Tor
Tor
Tor
Tor

Affected Vendors

Torproject

References (14)

Third Party Advisory http://openwall.com/lists/oss-security/2016/10/19/11
http://www.debian.org/security/2016/dsa-3694
http://www.securityfocus.com/bid/95116
Release Notes https://blog.torproject.org/blog/tor-0289-released-important-fixes
Patch https://github.com/torproject/tor/commit/3cea86eb2fbb65949673eb4ba8ebb695c87a57c...
https://security.gentoo.org/glsa/201612-45
Vendor Advisory https://trac.torproject.org/projects/tor/ticket/20384
Third Party Advisory http://openwall.com/lists/oss-security/2016/10/19/11
http://www.debian.org/security/2016/dsa-3694
http://www.securityfocus.com/bid/95116
Release Notes https://blog.torproject.org/blog/tor-0289-released-important-fixes
Patch https://github.com/torproject/tor/commit/3cea86eb2fbb65949673eb4ba8ebb695c87a57c...
https://security.gentoo.org/glsa/201612-45
Vendor Advisory https://trac.torproject.org/projects/tor/ticket/20384
44
/ 100
moderate-risk
Severity 26/34 · High
Exploitability 6/34 · Minimal
Exposure 12/34 · Low