CVE-2015-2689

Summary

Tor before 0.2.4.26 and 0.2.5.x before 0.2.5.11 does not properly handle pending-connection resolve states during periods of high DNS load, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via crafted packets.

Affected Software

VendorProductVersion RangeStatus
The Tor ProjectTorbefore 0.2.4.26affected
The Tor ProjectTor0.2.5.x before 0.2.5.11affected

Weaknesses

  • Other

ADP Enrichment

CVE Program Container

Additional References

References