#25117: Resolve TROVE-2018-002: bug 24700 KIST use-after-free can be remotely triggered --------------------------+------------------------------------ Reporter: nickm | Owner: nickm Type: defect | Status: closed Priority: High | Milestone: Tor: 0.3.3.x-final Component: Core Tor/Tor | Version: Severity: Normal | Resolution: fixed Keywords: 033-must | Actual Points: Parent ID: | Points: Reviewer: | Sponsor: --------------------------+------------------------------------ Changes (by nickm):
* status: assigned => closed * resolution: => fixed Old description: New description: The use-after free KIST bug that we fixed as #24700 can, it turns out, be triggered remotely, causing relays to crash. This bug only affects relays and bridges, and only if they are running 0.3.2.1-alpha through 0.3.2.9, or 0.3.3.1-alpha. It is fixed in 0.3.2.10 and 0.3.3.2-alpha. Tracked as TROVE-2018-002 and CVE-2018-0491. -- -- Ticket URL: <https://trac.torproject.org/projects/tor/ticket/25117#comment:3> Tor Bug Tracker & Wiki <https://trac.torproject.org/> The Tor Project: anonymity online
_______________________________________________ tor-bugs mailing list tor-bugs@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs