vulnerability
FreeBSD: VID-36EF8753-D86F-11E7-AD28-0025908740C2 (CVE-2017-8819): tor -- Use-after-free in onion service v2
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:N/AC:L/Au:N/C:N/I:N/A:P) | Dec 1, 2017 | Dec 14, 2017 | May 7, 2019 |
Severity
5
CVSS
(AV:N/AC:L/Au:N/C:N/I:N/A:P)
Published
Dec 1, 2017
Added
Dec 14, 2017
Modified
May 7, 2019
Description
In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, the replay-cache protection mechanism is ineffective for v2 onion services, aka TROVE-2017-009. An attacker can send many INTRODUCE2 cells to trigger this issue.
Solution
freebsd-upgrade-package-tor
References
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.