Vulnerability Name:

CVE-2009-0938

Assigned:2009-02-09
Published:2009-02-09
Updated:2017-08-16
Summary:Unspecified vulnerability in Tor before 0.2.0.34 allows directory mirrors to cause a denial of service (exit node crash) via "malformed input."
CVSS v3 Severity:3.7 Low (CCN CVSS v3 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Low
CVSS v2 Severity:5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
2.6 Low (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:N/A:P)
1.9 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
References:Source: MLIST
Type: PATCH
[or-announce] 20090209 Tor 0.2.0.34 is released (security fixes)

Source: GENTOO
Type: UNKNOWN
GLSA-200904-11

Source: BID
Type: UNKNOWN
33713

Source: XF
Type: UNKNOWN
tor-mirrors-dos(49323)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:tor:tor:0.2.0.17:alpha:*:*:*:*:*:*
  • OR cpe:/a:tor:tor:0.2.0.16:alpha:*:*:*:*:*:*
  • OR cpe:/a:tor:tor:0.2.0.15:alpha:*:*:*:*:*:*
  • OR cpe:/a:tor:tor:0.2.0.1:alpha:*:*:*:*:*:*
  • OR cpe:/a:tor:tor:0.2.0.14:alpha:*:*:*:*:*:*
  • OR cpe:/a:tor:tor:0.2.0.18:alpha:*:*:*:*:*:*
  • OR cpe:/a:tor:tor:0.2.0.13:alpha:*:*:*:*:*:*
  • OR cpe:/a:tor:tor:0.2.0.12:alpha:*:*:*:*:*:*
  • OR cpe:/a:tor:tor:0.2.0.11:alpha:*:*:*:*:*:*
  • OR cpe:/a:tor:tor:0.2.0.10:alpha:*:*:*:*:*:*
  • OR cpe:/a:tor:tor:0.2.0.2:alpha:*:*:*:*:*:*
  • OR cpe:/a:tor:tor:0.2.0.21:alpha:*:*:*:*:*:*
  • OR cpe:/a:tor:tor:0.2.0.20:alpha:*:*:*:*:*:*
  • OR cpe:/a:tor:tor:0.2.0.19:alpha:*:*:*:*:*:*
  • OR cpe:/a:tor:tor:0.2.0.24:alpha:*:*:*:*:*:*
  • OR cpe:/a:tor:tor:0.2.0.25:alpha:*:*:*:*:*:*
  • OR cpe:/a:tor:tor:0.2.0.22:alpha:*:*:*:*:*:*
  • OR cpe:/a:tor:tor:0.2.0.23:alpha:*:*:*:*:*:*
  • OR cpe:/a:tor:tor:0.2.0.26:alpha:*:*:*:*:*:*
  • OR cpe:/a:tor:tor:0.2.0.27:alpha:*:*:*:*:*:*
  • OR cpe:/a:tor:tor:0.2.0.28:alpha:*:*:*:*:*:*
  • OR cpe:/a:tor:tor:0.2.0.31:alpha:*:*:*:*:*:*
  • OR cpe:/a:tor:tor:0.2.0.3:alpha:*:*:*:*:*:*
  • OR cpe:/a:tor:tor:0.2.0.4:alpha:*:*:*:*:*:*
  • OR cpe:/a:tor:tor:0.2.0.5:alpha:*:*:*:*:*:*
  • OR cpe:/a:tor:tor:0.2.0.6:alpha:*:*:*:*:*:*
  • OR cpe:/a:tor:tor:0.2.0.29:alpha:*:*:*:*:*:*
  • OR cpe:/a:tor:tor:0.2.0.30:alpha:*:*:*:*:*:*
  • OR cpe:/a:tor:tor:0.2.0.32:alpha:*:*:*:*:*:*
  • OR cpe:/a:tor:tor:0.2.0.33:*:*:*:*:*:*:*

  • Configuration CCN 1:
  • cpe:/a:tor:tor:0.2.0.1:alpha:*:*:*:*:*:*
  • OR cpe:/a:tor:tor:0.2.0.2:alpha:*:*:*:*:*:*
  • OR cpe:/a:tor:tor:0.2.0.3:alpha:*:*:*:*:*:*
  • OR cpe:/a:tor:tor:0.2.0.4:alpha:*:*:*:*:*:*
  • OR cpe:/a:tor:tor:0.2.0.5:alpha:*:*:*:*:*:*
  • OR cpe:/a:tor:tor:0.2.0.6:alpha:*:*:*:*:*:*
  • OR cpe:/a:tor:tor:0.2.0.10:alpha:*:*:*:*:*:*
  • OR cpe:/a:tor:tor:0.2.0.11:alpha:*:*:*:*:*:*
  • OR cpe:/a:tor:tor:0.2.0.12:alpha:*:*:*:*:*:*
  • OR cpe:/a:tor:tor:0.2.0.13:alpha:*:*:*:*:*:*
  • OR cpe:/a:tor:tor:0.2.0.14:alpha:*:*:*:*:*:*
  • OR cpe:/a:tor:tor:0.2.0.15:alpha:*:*:*:*:*:*
  • OR cpe:/a:tor:tor:0.2.0.16:alpha:*:*:*:*:*:*
  • OR cpe:/a:tor:tor:0.2.0.17:alpha:*:*:*:*:*:*
  • OR cpe:/a:tor:tor:0.2.0.18:alpha:*:*:*:*:*:*
  • OR cpe:/a:tor:tor:0.2.0.19:alpha:*:*:*:*:*:*
  • OR cpe:/a:tor:tor:0.2.0.20:alpha:*:*:*:*:*:*
  • OR cpe:/a:tor:tor:0.2.0.21:alpha:*:*:*:*:*:*
  • OR cpe:/a:tor:tor:0.2.0.22:alpha:*:*:*:*:*:*
  • OR cpe:/a:tor:tor:0.2.0.23:alpha:*:*:*:*:*:*
  • OR cpe:/a:tor:tor:0.2.0.24:alpha:*:*:*:*:*:*
  • OR cpe:/a:tor:tor:0.2.0.25:alpha:*:*:*:*:*:*
  • OR cpe:/a:tor:tor:0.2.0.26:alpha:*:*:*:*:*:*
  • OR cpe:/a:tor:tor:0.2.0.27:alpha:*:*:*:*:*:*
  • OR cpe:/a:tor:tor:0.2.0.29:alpha:*:*:*:*:*:*
  • OR cpe:/a:tor:tor:0.2.0.30:alpha:*:*:*:*:*:*
  • OR cpe:/a:tor:tor:0.2.0.28:alpha:*:*:*:*:*:*
  • OR cpe:/a:tor:tor:0.2.0.31:alpha:*:*:*:*:*:*
  • OR cpe:/a:tor:tor:0.2.0.32:alpha:*:*:*:*:*:*
  • OR cpe:/a:tor:tor:0.2.0.33:*:*:*:*:*:*:*
  • AND
  • cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    BACK
    tor tor 0.2.0.17 alpha
    tor tor 0.2.0.16 alpha
    tor tor 0.2.0.15 alpha
    tor tor 0.2.0.1 alpha
    tor tor 0.2.0.14 alpha
    tor tor 0.2.0.18 alpha
    tor tor 0.2.0.13 alpha
    tor tor 0.2.0.12 alpha
    tor tor 0.2.0.11 alpha
    tor tor 0.2.0.10 alpha
    tor tor 0.2.0.2 alpha
    tor tor 0.2.0.21 alpha
    tor tor 0.2.0.20 alpha
    tor tor 0.2.0.19 alpha
    tor tor 0.2.0.24 alpha
    tor tor 0.2.0.25 alpha
    tor tor 0.2.0.22 alpha
    tor tor 0.2.0.23 alpha
    tor tor 0.2.0.26 alpha
    tor tor 0.2.0.27 alpha
    tor tor 0.2.0.28 alpha
    tor tor 0.2.0.31 alpha
    tor tor 0.2.0.3 alpha
    tor tor 0.2.0.4 alpha
    tor tor 0.2.0.5 alpha
    tor tor 0.2.0.6 alpha
    tor tor 0.2.0.29 alpha
    tor tor 0.2.0.30 alpha
    tor tor 0.2.0.32 alpha
    tor tor 0.2.0.33
    tor tor 0.2.0.1 alpha
    tor tor 0.2.0.2 alpha
    tor tor 0.2.0.3 alpha
    tor tor 0.2.0.4 alpha
    tor tor 0.2.0.5 alpha
    tor tor 0.2.0.6 alpha
    tor tor 0.2.0.10 alpha
    tor tor 0.2.0.11 alpha
    tor tor 0.2.0.12 alpha
    tor tor 0.2.0.13 alpha
    tor tor 0.2.0.14 alpha
    tor tor 0.2.0.15 alpha
    tor tor 0.2.0.16 alpha
    tor tor 0.2.0.17 alpha
    tor tor 0.2.0.18 alpha
    tor tor 0.2.0.19 alpha
    tor tor 0.2.0.20 alpha
    tor tor 0.2.0.21 alpha
    tor tor 0.2.0.22 alpha
    tor tor 0.2.0.23 alpha
    tor tor 0.2.0.24 alpha
    tor tor 0.2.0.25 alpha
    tor tor 0.2.0.26 alpha
    tor tor 0.2.0.27 alpha
    tor tor 0.2.0.29 alpha
    tor tor 0.2.0.30 alpha
    tor tor 0.2.0.28 alpha
    tor tor 0.2.0.31 alpha
    tor tor 0.2.0.32 alpha
    tor tor 0.2.0.33
    gentoo linux *