CVE-2021-34549 log
| Source |
|
| Severity | Medium |
| Remote | Yes |
| Type | Denial of service |
| Description | A security issue has been found in Tor before version 0.4.5.9 that could be exploited for a hashtable-based CPU denial-of-service attack against relays. Previously a naive unkeyed hash function to look up circuits in a circuitmux object was used. An attacker could exploit this to construct circuits with chosen circuit IDs, to create collisions and make the hash table inefficient. Now a SipHash construction is used instead. |
| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|---|
| AVG-2075 | tor | 0.4.5.8-2 | 0.4.5.9-1 | Medium | Fixed |
| Date | Advisory | Group | Package | Severity | Type |
|---|---|---|---|---|---|
| 22 Jun 2021 | ASA-202106-50 | AVG-2075 | tor | Medium | denial of service |
| References |
|---|
https://blog.torproject.org/node/2041 https://gitlab.torproject.org/tpo/core/tor/-/issues/40391 https://gitlab.torproject.org/tpo/core/tor/-/commit/4c06c619faceb5d158a725d97fda45cadb2cf9c9 |