CVE-2012-3518

EPSS 1.5%

tor - several

Published: 8/26/2012Modified: 4/28/2026

Also known as:DEBIAN-CVE-2012-3518

Description

The networkstatus_parse_vote_from_string function in routerparse.c in Tor before 0.2.2.38 does not properly handle an invalid flavor name, which allows remote attackers to cause a denial of service (out-of-bounds read and daemon crash) via a crafted (1) vote document or (2) consensus document.

Affected packages (2)

Debian/torfrom 0, < 0.2.3.20-rc-1
Debian/torfrom 0, < 0.2.2.39-1

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2012-3518