CVE-2012-3517 - OpenCVE

Use-after-free vulnerability in dns.c in Tor before 0.2.2.38 might allow remote attackers to cause a denial of service (daemon crash) via vectors related to failed DNS requests.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Tor	Tor

Configuration 1 [-]

cpe:2.3:a:tor:tor:*:*:*:*:*:*:*:*

References

Link	Resource
http://lists.fedoraproject.org/pipermail/package-announce/2012-September/088006.html
http://lists.opensuse.org/opensuse-updates/2012-08/msg00048.html
http://openwall.com/lists/oss-security/2012/08/21/6
http://security.gentoo.org/glsa/glsa-201301-03.xml
https://bugzilla.redhat.com/show_bug.cgi?id=849949
https://gitweb.torproject.org/tor.git/commit/62637fa22405278758febb1743da9af562524d4c
https://lists.torproject.org/pipermail/tor-announce/2012-August/000086.html
https://trac.torproject.org/projects/tor/ticket/6480	Patch

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2012-08-26T01:00:00

Updated: 2012-10-11T09:00:00

Reserved: 2012-06-14T00:00:00

Link: CVE-2012-3517

JSON object: View

NVD Information

Status : Modified

Published: 2012-08-26T03:17:44.043

Modified: 2013-08-22T03:56:41.617

Link: CVE-2012-3517

JSON object: View

Redhat Information

No data.

CWE

CWE-399

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2012-08-19T00:00:00", "descriptions": [{"lang": "en", "value": "Use-after-free vulnerability in dns.c in Tor before 0.2.2.38 might allow remote attackers to cause a denial of service (daemon crash) via vectors related to failed DNS requests."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2012-10-11T09:00:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "GLSA-201301-03", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://security.gentoo.org/glsa/glsa-201301-03.xml"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=849949"}, {"name": "[tor-announce] 20120819 Tor 0.2.2.38 is released", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.torproject.org/pipermail/tor-announce/2012-August/000086.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://gitweb.torproject.org/tor.git/commit/62637fa22405278758febb1743da9af562524d4c"}, {"name": "[oss-security] 20120821 Re: CVE Request -- Tor 0.2.2.38: Three issues", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2012/08/21/6"}, {"name": "openSUSE-SU-2012:1068", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2012-08/msg00048.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://trac.torproject.org/projects/tor/ticket/6480"}, {"name": "FEDORA-2012-14638", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-September/088006.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2012-3517", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Use-after-free vulnerability in dns.c in Tor before 0.2.2.38 might allow remote attackers to cause a denial of service (daemon crash) via vectors related to failed DNS requests."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "GLSA-201301-03", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-201301-03.xml"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=849949", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=849949"}, {"name": "[tor-announce] 20120819 Tor 0.2.2.38 is released", "refsource": "MLIST", "url": "https://lists.torproject.org/pipermail/tor-announce/2012-August/000086.html"}, {"name": "https://gitweb.torproject.org/tor.git/commit/62637fa22405278758febb1743da9af562524d4c", "refsource": "CONFIRM", "url": "https://gitweb.torproject.org/tor.git/commit/62637fa22405278758febb1743da9af562524d4c"}, {"name": "[oss-security] 20120821 Re: CVE Request -- Tor 0.2.2.38: Three issues", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2012/08/21/6"}, {"name": "openSUSE-SU-2012:1068", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2012-08/msg00048.html"}, {"name": "https://trac.torproject.org/projects/tor/ticket/6480", "refsource": "CONFIRM", "url": "https://trac.torproject.org/projects/tor/ticket/6480"}, {"name": "FEDORA-2012-14638", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-September/088006.html"}]}}}}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-3517", "datePublished": "2012-08-26T01:00:00", "dateReserved": "2012-06-14T00:00:00", "dateUpdated": "2012-10-11T09:00:00", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:tor:tor:*:*:*:*:*:*:*:*", "matchCriteriaId": "D87D8965-CE3A-457E-AD9D-C8EE68F538A4", "versionEndIncluding": "0.2.2.37", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Use-after-free vulnerability in dns.c in Tor before 0.2.2.38 might allow remote attackers to cause a denial of service (daemon crash) via vectors related to failed DNS requests."}, {"lang": "es", "value": "Vulnerabilidad de liberaci\u00f3n despu\u00e9s de uso en dns.c en Tor anterior a 0.2.2.38 podr\u00eda permitir a atacantes remotos causar una denegaci\u00f3n de servicio (ca\u00edda del demonio) a trav\u00e9s de vectores relacionados con solicitudes fallidas de DNS."}], "id": "CVE-2012-3517", "lastModified": "2013-08-22T03:56:41.617", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2012-08-26T03:17:44.043", "references": [{"source": "secalert@redhat.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-September/088006.html"}, {"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-updates/2012-08/msg00048.html"}, {"source": "secalert@redhat.com", "url": "http://openwall.com/lists/oss-security/2012/08/21/6"}, {"source": "secalert@redhat.com", "url": "http://security.gentoo.org/glsa/glsa-201301-03.xml"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=849949"}, {"source": "secalert@redhat.com", "url": "https://gitweb.torproject.org/tor.git/commit/62637fa22405278758febb1743da9af562524d4c"}, {"source": "secalert@redhat.com", "url": "https://lists.torproject.org/pipermail/tor-announce/2012-August/000086.html"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "https://trac.torproject.org/projects/tor/ticket/6480"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-399"}], "source": "nvd@nist.gov", "type": "Primary"}]}