Vulnerability Name:

CVE-2012-3518 (CCN-77998)

Assigned:2012-08-25
Published:2012-08-25
Updated:2013-08-22
Summary:The networkstatus_parse_vote_from_string function in routerparse.c in Tor before 0.2.2.38 does not properly handle an invalid flavor name, which allows remote attackers to cause a denial of service (out-of-bounds read and daemon crash) via a crafted (1) vote document or (2) consensus document.
CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Low
CVSS v2 Severity:5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
Vulnerability Type:CWE-119
Vulnerability Consequences:Denial of Service
References:Source: MITRE
Type: CNA
CVE-2012-3518

Source: SUSE
Type: UNKNOWN
openSUSE-SU-2012:1068

Source: MLIST
Type: UNKNOWN
[oss-security] 20120821 Re: CVE Request -- Tor 0.2.2.38: Three issues

Source: SECUNIA
Type: UNKNOWN
50583

Source: GENTOO
Type: UNKNOWN
GLSA-201301-03

Source: DEBIAN
Type: DSA-2548
tor -- several vulnerabilities

Source: CCN
Type: BID-55128
Tor Multiple Security Vulnerabilities

Source: CCN
Type: Red Hat Bugzilla Bug 849949
CVE-2012-3517 tor: Read from freed memory and double free by processing failed DNS request

Source: XF
Type: UNKNOWN
tor-routerparse-dos(77998)

Source: CONFIRM
Type: UNKNOWN
https://gitweb.torproject.org/tor.git/commit/55f635745afacefffdaafc72cc176ca7ab817546

Source: CONFIRM
Type: UNKNOWN
https://gitweb.torproject.org/tor.git/commit/57e35ad3d91724882c345ac709666a551a977f0f

Source: CCN
Type: Tor GIT Repository
Tor

Source: MLIST
Type: UNKNOWN
[tor-announce] 20120819 Tor 0.2.2.38 is released

Source: CONFIRM
Type: UNKNOWN
https://trac.torproject.org/projects/tor/ticket/6530

Vulnerable Configuration:Configuration 1:
  • cpe:/a:tor:tor:*:*:*:*:*:*:*:* (Version <= 0.2.2.37)

    • Configuration CCN 1:
  • cpe:/a:tor:tor:0.2.2.1:alpha:*:*:*:*:*:*
  • OR cpe:/a:tor:tor:0.2.2.2:alpha:*:*:*:*:*:*
  • OR cpe:/a:tor:tor:0.2.2.3:alpha:*:*:*:*:*:*
  • OR cpe:/a:tor:tor:0.2.2.4:alpha:*:*:*:*:*:*
  • OR cpe:/a:tor:tor:0.2.2.5:alpha:*:*:*:*:*:*
  • OR cpe:/a:tor:tor:0.2.2.6:alpha:*:*:*:*:*:*
  • OR cpe:/a:tor:tor:0.2.2.7:alpha:*:*:*:*:*:*
  • OR cpe:/a:tor:tor:0.2.2.8:alpha:*:*:*:*:*:*
  • OR cpe:/a:tor:tor:0.2.2.9:alpha:*:*:*:*:*:*
  • OR cpe:/a:tor:tor:0.2.2.10:alpha:*:*:*:*:*:*
  • OR cpe:/a:tor:tor:0.2.2.11:alpha:*:*:*:*:*:*
  • OR cpe:/a:tor:tor:0.2.2.12:alpha:*:*:*:*:*:*
  • OR cpe:/a:tor:tor:0.2.2.13:alpha:*:*:*:*:*:*
  • OR cpe:/a:tor:tor:0.2.2.14:alpha:*:*:*:*:*:*
  • OR cpe:/a:tor:tor:0.2.2.15:alpha:*:*:*:*:*:*
  • OR cpe:/a:tor:tor:0.2.2.16:alpha:*:*:*:*:*:*
  • OR cpe:/a:tor:tor:0.2.2.17:alpha:*:*:*:*:*:*
  • OR cpe:/a:tor:tor:0.2.2.18:alpha:*:*:*:*:*:*
  • OR cpe:/a:tor:tor:0.2.2.19:alpha:*:*:*:*:*:*
  • OR cpe:/a:tor:tor:0.2.2.6:*:*:*:*:*:*:*
  • OR cpe:/a:tor:tor:0.2.2.4:*:*:*:*:*:*:*
  • OR cpe:/a:tor:tor:0.2.2.5:*:*:*:*:*:*:*
  • OR cpe:/a:tor:tor:0.2.2.3:*:*:*:*:*:*:*
  • OR cpe:/a:tor:tor:0.2.2.2:*:*:*:*:*:*:*
  • OR cpe:/a:tor:tor:0.2.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:tor:tor:0.2.2.20:alpha:*:*:*:*:*:*
  • OR cpe:/a:tor:tor:0.2.2.23:alpha:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:20123518
    V
    		CVE-2012-3518
    2022-06-30
    oval:org.opensuse.security:def:113538
    P
    		tor-0.2.8.11-1.1 on GA media (Moderate)
    2022-01-17
    oval:org.opensuse.security:def:106933
    P
    		tor-0.2.8.11-1.1 on GA media (Moderate)
    2021-10-01
    oval:org.mitre.oval:def:17634
    P
    		DSA-2548-1 tor - several
    2014-06-23
    oval:com.ubuntu.xenial:def:201235180000000
    V
    		CVE-2012-3518 on Ubuntu 16.04 LTS (xenial) - low.
    2012-08-26
    oval:com.ubuntu.precise:def:20123518000
    V
    		CVE-2012-3518 on Ubuntu 12.04 LTS (precise) - low.
    2012-08-25
    oval:com.ubuntu.trusty:def:20123518000
    V
    		CVE-2012-3518 on Ubuntu 14.04 LTS (trusty) - low.
    2012-08-25
    oval:com.ubuntu.xenial:def:20123518000
    V
    		CVE-2012-3518 on Ubuntu 16.04 LTS (xenial) - low.
    2012-08-25
    BACK
    tor tor *
    tor tor 0.2.2.1 alpha
    tor tor 0.2.2.2 alpha
    tor tor 0.2.2.3 alpha
    tor tor 0.2.2.4 alpha
    tor tor 0.2.2.5 alpha
    tor tor 0.2.2.6 alpha
    tor tor 0.2.2.7 alpha
    tor tor 0.2.2.8 alpha
    tor tor 0.2.2.9 alpha
    tor tor 0.2.2.10 alpha
    tor tor 0.2.2.11 alpha
    tor tor 0.2.2.12 alpha
    tor tor 0.2.2.13 alpha
    tor tor 0.2.2.14 alpha
    tor tor 0.2.2.15 alpha
    tor tor 0.2.2.16 alpha
    tor tor 0.2.2.17 alpha
    tor tor 0.2.2.18 alpha
    tor tor 0.2.2.19 alpha
    tor tor 0.2.2.6
    tor tor 0.2.2.4
    tor tor 0.2.2.5
    tor tor 0.2.2.3
    tor tor 0.2.2.2
    tor tor 0.2.2.1
    tor tor 0.2.2.20 alpha
    tor tor 0.2.2.23 alpha