CVE-2012-4922

Publication date 14 September 2012

Last updated 24 July 2024

Ubuntu priority

The tor_timegm function in common/util.c in Tor before 0.2.2.39, and 0.2.3.x before 0.2.3.22-rc, does not properly validate time values, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a malformed directory object, a different vulnerability than CVE-2012-4419.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
tor	17.04 zesty	Fixed 0.2.3.22-rc-1
	16.10 yakkety	Fixed 0.2.3.22-rc-1
	16.04 LTS xenial	Fixed 0.2.3.22-rc-1
	15.10 wily	Fixed 0.2.3.22-rc-1
	15.04 vivid	Fixed 0.2.3.22-rc-1
	14.10 utopic	Fixed 0.2.3.22-rc-1
	14.04 LTS trusty	Fixed 0.2.3.22-rc-1
	13.10 saucy	Fixed 0.2.3.22-rc-1
	13.04 raring	Fixed 0.2.3.22-rc-1
	12.10 quantal	Fixed 0.2.3.22-rc-1
	12.04 LTS precise	Ignored end of life
	11.10 oneiric	Ignored end of life
	11.04 natty	Ignored end of life
	10.04 LTS lucid	Not in release
	8.04 LTS hardy	Ignored end of life

How can I get the fixes?
What do statuses mean?

References

MITRE
NVD
Launchpad
Debian

Other references

https://trac.torproject.org/projects/tor/ticket/6811
https://lists.torproject.org/pipermail/tor-talk/2012-September/025501.html
https://gitweb.torproject.org/tor.git/commit/973c18bf0e84d14d8006a9ae97fde7f7fb97e404
https://gitweb.torproject.org/tor.git/blob/release-0.2.2:/ReleaseNotes
http://openwall.com/lists/oss-security/2012/09/12/5
https://www.cve.org/CVERecord?id=CVE-2012-4922