CVE-2020-15572

Tor before 0.4.3.6 has an out-of-bounds memory access that allows a remote denial-of-service (crash) attack against Tor instances built to use Mozilla Network Security Services (NSS), aka TROVE-2020-001.

CVSS v3 7.5 HIGH
CVSS v2.0 4.3 MEDIUM

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

4.3^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:N/I:N/A:P

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
https://blog.torproject.org/new-release-tor-03511-0428-0436-security-fixes	Release Notes Vendor Advisory
https://gitlab.torproject.org/tpo/core/tor/-/issues/33119	Vendor Advisory
https://trac.torproject.org/projects/tor/wiki/TROVE	Vendor Advisory
https://blog.torproject.org/new-release-tor-03511-0428-0436-security-fixes	Release Notes Vendor Advisory
https://gitlab.torproject.org/tpo/core/tor/-/issues/33119	Vendor Advisory
https://trac.torproject.org/projects/tor/wiki/TROVE	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:torproject:tor::::::::
	cpe:2.3:a:torproject:tor::::::::
	cpe:2.3:a:torproject:tor::::::::
	cpe:2.3:a:torproject:tor:0.4.4.0:alpha::::::
	cpe:2.3:a:torproject:tor:0.4.4.1:alpha::::::

History

No history.

Information

Published : 2020-07-15 17:15

Updated : 2024-11-21 05:05

NVD link : CVE-2020-15572

Mitre link : CVE-2020-15572

CVE.ORG link : CVE-2020-15572

JSON object : View

Products Affected

torproject

tor

CWE

CWE-125

Out-of-bounds Read

{"id": "CVE-2020-15572", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2020-07-15T17:15:11.283", "references": [{"url": "https://blog.torproject.org/new-release-tor-03511-0428-0436-security-fixes", "tags": ["Release Notes", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://gitlab.torproject.org/tpo/core/tor/-/issues/33119", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://trac.torproject.org/projects/tor/wiki/TROVE", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://blog.torproject.org/new-release-tor-03511-0428-0436-security-fixes", "tags": ["Release Notes", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://gitlab.torproject.org/tpo/core/tor/-/issues/33119", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://trac.torproject.org/projects/tor/wiki/TROVE", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-125"}]}], "descriptions": [{"lang": "en", "value": "Tor before 0.4.3.6 has an out-of-bounds memory access that allows a remote denial-of-service (crash) attack against Tor instances built to use Mozilla Network Security Services (NSS), aka TROVE-2020-001."}, {"lang": "es", "value": "Tor versiones anteriores a 0.4.3.6, presenta un acceso de la memoria fuera de l\u00edmites que permite un ataque de denegaci\u00f3n de servicio remoto (bloqueo) contra instancias de Tor creadas para usar Mozilla Network Security Services (NSS), tambi\u00e9n se conoce como TROVE-2020-001"}], "lastModified": "2024-11-21T05:05:46.193", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:torproject:tor:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0DAC8510-95BF-4FF8-9975-86AA5A0417C5", "versionEndExcluding": "0.3.5.11"}, {"criteria": "cpe:2.3:a:torproject:tor:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "95D2A6D5-E281-4514-A4BC-74736E93BECD", "versionEndExcluding": "0.4.2.8", "versionStartExcluding": "0.4.2.0"}, {"criteria": "cpe:2.3:a:torproject:tor:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "04AC62C8-A529-439A-8D7D-C79EA9658F76", "versionEndExcluding": "0.4.3.6", "versionStartExcluding": "0.4.3.0"}, {"criteria": "cpe:2.3:a:torproject:tor:0.4.4.0:alpha:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C3708B4D-8F02-47B4-81E8-AA626B04C906"}, {"criteria": "cpe:2.3:a:torproject:tor:0.4.4.1:alpha:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2143F2C0-BBD4-4B14-84D6-70125DD37376"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}