CVE-2021-34548 - log back

CVE-2021-34548 edited at 21 Jun 2021 09:12:01
Type
- Insufficient validation
+ Denial of service
CVE-2021-34548 edited at 16 Jun 2021 10:54:55
Description
- A security issue has been found in Tor before version 0.4.6.5. Relays could spoof RELAY_END or RELAY_RESOLVED cell on half-closed streams because clients failed to validate which hop sent these cells. This would allow a relay on a circuit to end a stream that wasn't actually built with it.
+ A security issue has been found in Tor before version 0.4.5.9. Relays could spoof RELAY_END or RELAY_RESOLVED cell on half-closed streams because clients failed to validate which hop sent these cells. This would allow a relay on a circuit to end a stream that wasn't actually built with it.
CVE-2021-34548 edited at 16 Jun 2021 10:37:52
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Remote
Type
- Unknown
+ Insufficient validation
Description
+ A security issue has been found in Tor before version 0.4.6.5. Relays could spoof RELAY_END or RELAY_RESOLVED cell on half-closed streams because clients failed to validate which hop sent these cells. This would allow a relay on a circuit to end a stream that wasn't actually built with it.
References
+ https://blog.torproject.org/node/2041
+ https://gitlab.torproject.org/tpo/core/tor/-/issues/40389
+ https://gitlab.torproject.org/tpo/core/tor/-/commit/adb248b6d6e0779719e6b873ee12a1e22fa390f4
Notes
CVE-2021-34548 created at 16 Jun 2021 10:33:05