[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248149

 
 

909

 
 

194803

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2012-4922Date: (C)2012-09-14   (M)2023-12-22


The tor_timegm function in common/util.c in Tor before 0.2.2.39, and 0.2.3.x before 0.2.3.22-rc, does not properly validate time values, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a malformed directory object, a different vulnerability than CVE-2012-4419.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 5.0
Exploit Score: 10.0
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: NONE
Integrity: NONE
Availability: PARTIAL
  
Reference:
FEDORA-2012-14638
GLSA-201301-03
http://openwall.com/lists/oss-security/2012/09/12/5
https://lists.torproject.org/pipermail/tor-talk/2012-September/025501.html
https://gitweb.torproject.org/tor.git/blob/release-0.2.2:/ReleaseNotes
https://gitweb.torproject.org/tor.git/commit/973c18bf0e84d14d8006a9ae97fde7f7fb97e404
https://trac.torproject.org/projects/tor/ticket/6811
openSUSE-SU-2012:1278

CPE    95
cpe:/a:torproject:tor:0.0.9.7
cpe:/a:torproject:tor:0.0.9.6
cpe:/a:torproject:tor:0.0.9.9
cpe:/a:torproject:tor:0.0.9.10
...
CWE    1
CWE-20
OVAL    1
oval:org.secpod.oval:def:104574

© SecPod Technologies