Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2012-3517

Use-after-free vulnerability in dns.c in Tor before 0.2.2.38 might allow remote attackers to cause a denial of service (daemon crash) via vectors related to failed DNS requests.

Related bugs and status

CVE-2012-3517 (Candidate) is related to these bugs:

Bug #1039560: <tor-0.2.2.38 : Multiple vulnerabilites

		In	Importance	Status
1039560	<tor-0.2.2.38 : Multiple vulnerabilites	tor (Ubuntu)	Undecided	Fix Released
1039560	<tor-0.2.2.38 : Multiple vulnerabilites	Gentoo Linux	Low	Fix Released
1039560	<tor-0.2.2.38 : Multiple vulnerabilites	tor (Ubuntu Precise)	Undecided	Won't Fix
1039560	<tor-0.2.2.38 : Multiple vulnerabilites	tor (Ubuntu Quantal)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

MLIST: [oss-security] 2012082...
MLIST: [tor-announce] 2012081...
CONFIRM: https://bugzilla.redha...
CONFIRM: https://gitweb.torproj...
CONFIRM: https://trac.torprojec...
SUSE: openSUSE-SU-2012:1068
FEDORA: FEDORA-2012-14638
GENTOO: GLSA-201301-03