| Bug ID | 1083845 |
|---|---|
| Summary | VUL-0: CVE-2018-0490: tor: null-pointer crash in directory authority protocol list code (TROVE-2018-001) |
| Classification | openSUSE |
| Product | openSUSE Distribution |
| Version | Leap 42.3 |
| Hardware | Other |
| URL | https://smash.suse.de/issue/201158/ |
| OS | Other |
| Status | NEW |
| Severity | Normal |
| Priority | P5 - None |
| Component | Security |
| Assignee | astieger@suse.com |
| Reporter | astieger@suse.com |
| QA Contact | security-team@suse.de |
| Found By | Security Response Team |
| Blocker | --- |
The subprotocol implementation in 0.2.9.4-alpha had a bug where an incorrectly formatted relay descriptor could cause directory servers to crash when they tried to vote about it. This does not affect relays or clients, since they do not try to vote. >From https://lists.torproject.org/pipermail/tor-announce/2018-March/000152.html TROVE-2018-001 only affects directory authorities. It is a bug that an attacker can use to cause a remote directory authority to crash. All directory authorities should upgrade to one of the versions released today. It does not affect relays or clients. - Fix a protocol-list handling bug that could be used to remotely crash directory authorities with a null-pointer exception. Fixes bug 25074; bugfix on 0.2.9.4-alpha. Also tracked as TROVE-2018-001 and CVE-2018-0490. Fixed in 0.2.9.15, 0.3.1.10, 0.3.2.10, 0.3.3.3-alpha References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0490 https://trac.torproject.org/projects/tor/ticket/25074