Bug ID 1167013
Summary VUL-0: CVE-2020-10592: tor: CPU consumption DoS and timing patterns (TROVE-2020-002)
Classification openSUSE
Product openSUSE Distribution
Version Leap 15.1
Hardware Other
OS Other
Status NEW
Severity Normal
Priority P5 - None
Component Security
Assignee bwiedemann@suse.com
Reporter Andreas.Stieger@gmx.de
QA Contact security-team@suse.de
Found By ---
Blocker --- 

https://lists.torproject.org/pipermail/tor-announce/2020-March/000196.html

  o Major bugfixes (security, denial-of-service, backport from 0.4.3.3-alpha):
    - Fix a denial-of-service bug that could be used by anyone to
      consume a bunch of CPU on any Tor relay or authority, or by
      directories to consume a bunch of CPU on clients or hidden
      services. Because of the potential for CPU consumption to
      introduce observable timing patterns, we are treating this as a
      high-severity security issue. Fixes bug 33119; bugfix on
      0.2.1.5-alpha. Found by OSS-Fuzz. We are also tracking this issue
      as TROVE-2020-002 and CVE-2020-10592.

Fixed in 0.3.5.10, 0.4.1.9, and 0.4.2.7.

You are receiving this mail because: