CVE-2012-4419

Publication date 14 September 2012

Last updated 24 July 2024

Ubuntu priority

Low

Why this priority?

The compare_tor_addr_to_addr_policy function in or/policies.c in Tor before 0.2.2.39, and 0.2.3.x before 0.2.3.21-rc, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a zero-valued port field that is not properly handled during policy comparison.

Read the notes from the security team

Status

Package Ubuntu Release Status
tor 17.04 zesty
Fixed 0.2.3.22-rc-1
16.10 yakkety
Fixed 0.2.3.22-rc-1
16.04 LTS xenial
Fixed 0.2.3.22-rc-1
15.10 wily
Fixed 0.2.3.22-rc-1
15.04 vivid
Fixed 0.2.3.22-rc-1
14.10 utopic
Fixed 0.2.3.22-rc-1
14.04 LTS trusty
Fixed 0.2.3.22-rc-1
13.10 saucy
Fixed 0.2.3.22-rc-1
13.04 raring
Fixed 0.2.3.22-rc-1
12.10 quantal
Fixed 0.2.3.22-rc-1
12.04 LTS precise Ignored end of life
11.10 oneiric Ignored end of life
11.04 natty Ignored end of life
10.04 LTS lucid Not in release
8.04 LTS hardy Ignored end of life

Notes

sbeattie

looks like triggerable asserts that cause a DoS