vulnerability
FreeBSD: VID-c1dc55dc-9556-11e6-b154-3065ec8fd3ec: Tor -- remote denial of service
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:L/Au:N/C:N/I:N/A:C) | Oct 18, 2016 | Nov 14, 2016 | Dec 10, 2025 |
Severity
8
CVSS
(AV:N/AC:L/Au:N/C:N/I:N/A:C)
Published
Oct 18, 2016
Added
Nov 14, 2016
Modified
Dec 10, 2025
Description
The Tor Blog reports: Prevent a class of security bugs caused by treating the contents of a buffer chunk as if they were a NUL-terminated string. At least one such bug seems to be present in all currently used versions of Tor, and would allow an attacker to remotely crash most Tor instances, especially those compiled with extra compiler hardening. With this defense in place, such bugs can't crash Tor, though we should still fix them as they occur. Closes ticket 20384 (TROVE-2016-10-001).
Solutions
freebsd-upgrade-package-torfreebsd-upgrade-package-tor-devel
References
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.