CVE-2012-4419

The compare_tor_addr_to_addr_policy function in or/policies.c in Tor before 0.2.2.39, and 0.2.3.x before 0.2.3.21-rc, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a zero-valued port field that is not properly handled during policy comparison.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:N/I:N/A:P
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 80%
VendorProductVersion
torprojecttor
𝑥
≤ 0.2.2.38
torprojecttor
0.0.2
torprojecttor
0.0.2:pre13
torprojecttor
0.0.2:pre14
torprojecttor
0.0.2:pre15
torprojecttor
0.0.2:pre16
torprojecttor
0.0.2:pre17
torprojecttor
0.0.2:pre18
torprojecttor
0.0.2:pre19
torprojecttor
0.0.2:pre20
torprojecttor
0.0.2:pre21
torprojecttor
0.0.2:pre22
torprojecttor
0.0.2:pre23
torprojecttor
0.0.2:pre24
torprojecttor
0.0.2:pre25
torprojecttor
0.0.2:pre26
torprojecttor
0.0.2:pre27
torprojecttor
0.0.3
torprojecttor
0.0.4
torprojecttor
0.0.5
torprojecttor
0.0.6
torprojecttor
0.0.6.1
torprojecttor
0.0.6.2
torprojecttor
0.0.7
torprojecttor
0.0.7.1
torprojecttor
0.0.7.2
torprojecttor
0.0.7.3
torprojecttor
0.0.8.1
torprojecttor
0.0.9.1
torprojecttor
0.0.9.2
torprojecttor
0.0.9.3
torprojecttor
0.0.9.4
torprojecttor
0.0.9.5
torprojecttor
0.0.9.6
torprojecttor
0.0.9.7
torprojecttor
0.0.9.8
torprojecttor
0.0.9.9
torprojecttor
0.0.9.10
torprojecttor
0.1.0.10
torprojecttor
0.1.0.11
torprojecttor
0.1.0.12
torprojecttor
0.1.0.13
torprojecttor
0.1.0.14
torprojecttor
0.1.0.15
torprojecttor
0.1.0.16
torprojecttor
0.1.0.17
torprojecttor
0.1.1.20
torprojecttor
0.1.1.21
torprojecttor
0.1.1.22
torprojecttor
0.1.1.23
torprojecttor
0.1.1.24
torprojecttor
0.1.1.25
torprojecttor
0.1.1.26
torprojecttor
0.1.2.13
torprojecttor
0.1.2.14
torprojecttor
0.1.2.15
torprojecttor
0.1.2.16
torprojecttor
0.1.2.17
torprojecttor
0.1.2.18
torprojecttor
0.1.2.19
torprojecttor
0.2.0.30
torprojecttor
0.2.0.31
torprojecttor
0.2.0.32
torprojecttor
0.2.0.33
torprojecttor
0.2.0.34
torprojecttor
0.2.0.35
torprojecttor
0.2.2.18
torprojecttor
0.2.2.19
torprojecttor
0.2.2.20
torprojecttor
0.2.2.21
torprojecttor
0.2.2.22
torprojecttor
0.2.2.23
torprojecttor
0.2.2.24
torprojecttor
0.2.2.25
torprojecttor
0.2.2.26
torprojecttor
0.2.2.27
torprojecttor
0.2.2.28
torprojecttor
0.2.2.29
torprojecttor
0.2.2.30
torprojecttor
0.2.2.31
torprojecttor
0.2.2.32
torprojecttor
0.2.2.33
torprojecttor
0.2.2.34
torprojecttor
0.2.2.35
torprojecttor
0.2.2.36
torprojecttor
0.2.2.37
torprojecttor
0.2.3
torprojecttor
0.2.3.13:alpha
torprojecttor
0.2.3.14:alpha
torprojecttor
0.2.3.15:alpha
torprojecttor
0.2.3.16:alpha
torprojecttor
0.2.3.17:beta
torprojecttor
0.2.3.18:rc
torprojecttor
0.2.3.19:rc
torprojecttor
0.2.3.20:rc
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
tor
bullseye (security)
0.4.5.16-1
fixed
bullseye
0.4.5.16-1
fixed
bookworm
0.4.7.16-1
fixed
bookworm (security)
0.4.7.16-1
fixed
sid
0.4.8.13-2
fixed
trixie
0.4.8.13-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
tor
zesty
Fixed 0.2.3.22-rc-1
released
yakkety
Fixed 0.2.3.22-rc-1
released
xenial
Fixed 0.2.3.22-rc-1
released
wily
Fixed 0.2.3.22-rc-1
released
vivid
Fixed 0.2.3.22-rc-1
released
utopic
Fixed 0.2.3.22-rc-1
released
trusty
Fixed 0.2.3.22-rc-1
released
saucy
Fixed 0.2.3.22-rc-1
released
raring
Fixed 0.2.3.22-rc-1
released
quantal
Fixed 0.2.3.22-rc-1
released
precise
ignored
oneiric
ignored
natty
ignored
lucid
dne
hardy
ignored
References
http://lists.fedoraproject.org/pipermail/package-announce/2012-September/088006.html
http://lists.opensuse.org/opensuse-updates/2012-10/msg00005.html
http://openwall.com/lists/oss-security/2012/09/13/2
http://secunia.com/advisories/50583
http://security.gentoo.org/glsa/glsa-201301-03.xml
https://gitweb.torproject.org/tor.git/blob/release-0.2.2:/ReleaseNotes
https://gitweb.torproject.org/tor.git/commit/62d96284f7e0f81c40d5df7e53dd7b4dfe7e56a5
https://lists.torproject.org/pipermail/tor-talk/2012-September/025434.html
https://trac.torproject.org/projects/tor/ticket/6690
http://lists.fedoraproject.org/pipermail/package-announce/2012-September/088006.html
http://lists.opensuse.org/opensuse-updates/2012-10/msg00005.html
http://openwall.com/lists/oss-security/2012/09/13/2
http://secunia.com/advisories/50583
http://security.gentoo.org/glsa/glsa-201301-03.xml
https://gitweb.torproject.org/tor.git/blob/release-0.2.2:/ReleaseNotes
https://gitweb.torproject.org/tor.git/commit/62d96284f7e0f81c40d5df7e53dd7b4dfe7e56a5
https://lists.torproject.org/pipermail/tor-talk/2012-September/025434.html
https://trac.torproject.org/projects/tor/ticket/6690