CVE Details
ID CVE-2020-10593
Summary Tor before 0.3.5.10, 0.4.x before 0.4.1.9, and 0.4.2.x before 0.4.2.7 allows remote attackers to cause a Denial of Service (memory leak), aka TROVE-2020-004. This occurs in circpad_setup_machine_on_circ because a circuit-padding machine can be negotiated twice on the same circuit.
Vulnerable Configurations
  • cpe:2.3:a:torproject:tor:0.3.5:*:*:*:*:*:*:*
  • cpe:2.3:a:torproject:tor:0.3.5.1:alpha:*:*:*:*:*:*
  • cpe:2.3:a:torproject:tor:0.3.5.2:alpha:*:*:*:*:*:*
  • cpe:2.3:a:torproject:tor:0.3.5.3:alpha:*:*:*:*:*:*
  • cpe:2.3:a:torproject:tor:0.3.5.4:alpha:*:*:*:*:*:*
  • cpe:2.3:a:torproject:tor:0.3.5.5:alpha:*:*:*:*:*:*
  • cpe:2.3:a:torproject:tor:0.3.5.6:rc:*:*:*:*:*:*
  • cpe:2.3:a:torproject:tor:0.3.5.7:*:*:*:*:*:*:*
  • cpe:2.3:a:torproject:tor:0.3.5.8:*:*:*:*:*:*:*
  • cpe:2.3:a:torproject:tor:0.4.1.1:alpha:*:*:*:*:*:*
  • cpe:2.3:a:torproject:tor:0.4.1.2:alpha:*:*:*:*:*:*
  • cpe:2.3:a:torproject:tor:0.4.1.8:*:*:*:*:*:*:*
  • cpe:2.3:a:torproject:tor:0.4.2.5:*:*:*:*:*:*:*
  • cpe:2.3:a:torproject:tor:0.4.2.6:*:*:*:*:*:*:*
  • cpe:2.3:a:torproject:tor:0.4.2.7:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 25-03-2020 - 18:15)
Impact: 2.9
Exploitability: 10.0
CWE CWE-401
Access
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: NONE
Integrity: NONE
Availability: PARTIAL
CVSS v3.1
Base: 7.5 (as of 25-03-2020 - 18:15)
Impact: 3.6
Exploitability: 3.9
Exploitability v3.1
Attack Complexity: LOW
Attack Vector: NETWORK
Privileges Required: NONE
Scope: UNCHANGED
User Interaction: NONE
Impact v3.1
Confidentiality: NONE
Integrity: NONE
Availability: HIGH
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:P
cvss3-vector via4 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
refmap via4
gentoo GLSA-202003-50
misc https://trac.torproject.org/projects/tor/ticket/33619
suse
  • openSUSE-SU-2020:0406
  • openSUSE-SU-2020:0428
Last major update 25-03-2020 - 18:15
Published 23-03-2020 - 13:15
Last modified 25-03-2020 - 18:15