CVE-2015-2688

Summary

buf_pullup in Tor before 0.2.4.26 and 0.2.5.x before 0.2.5.11 does not properly handle unexpected arrival times of buffers with invalid layouts, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via crafted packets.

Affected Software

VendorProductVersion RangeStatus
The Tor ProjectTorbefore 0.2.4.26affected
The Tor ProjectTor0.2.5.x before 0.2.5.11affected

Weaknesses

  • Other

ADP Enrichment

CVE Program Container

Additional References

References