VIR Vulnerability Intelligence Relay

CVE-2012-2249

medium
Published 2014-02-03 ยท Modified 2026-04-29
๐Ÿ’ฌ Discuss on Community โœš Propose mitigation
CVSS v3
โ€”
CVSS v4 NEW
โ€”
not yet in upstream
VIR risk
5.0

Description

Tor before 0.2.3.23-rc allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a renegotiation attempt that occurs after the initiation of the V3 link protocol.

Predictions

Exploit likelihood
20%
Patch ETA
โ€”

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No mitigations published for this CVE yet.

The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or โ€” if you've already worked around this in production โ€” publish your fix to the community-verified tier.

โœš Propose a mitigation on Community โ†’ Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here with source_tier=community-verified.

OS impact
OSVersionStatusFixed in
debian debianbookwormfixed0.2.3.23-rc-1
debian debianbullseyefixed0.2.3.23-rc-1
debian debianforkyfixed0.2.3.23-rc-1
debian debiansidfixed0.2.3.23-rc-1
debian debiantrixiefixed0.2.3.23-rc-1

Application impact
VendorProductVersionsFixed
torprojecttor{"endIncluding":"0.2.3.22"}
torprojecttor0.0.2
torprojecttor0.0.3
torprojecttor0.0.4
torprojecttor0.0.5
torprojecttor0.0.6
torprojecttor0.0.6.1
torprojecttor0.0.6.2
torprojecttor0.0.7
torprojecttor0.0.7.1
torprojecttor0.0.7.2
torprojecttor0.0.7.3
torprojecttor0.0.8.1
torprojecttor0.0.9.1
torprojecttor0.0.9.2
torprojecttor0.0.9.3
torprojecttor0.0.9.4
torprojecttor0.0.9.5
torprojecttor0.0.9.6
torprojecttor0.0.9.7
torprojecttor0.0.9.8
torprojecttor0.0.9.9
torprojecttor0.0.9.10
torprojecttor0.1.0.10
torprojecttor0.1.0.11
torprojecttor0.1.0.12
torprojecttor0.1.0.13
torprojecttor0.1.0.14
torprojecttor0.1.0.15
torprojecttor0.1.0.16
torprojecttor0.1.0.17
torprojecttor0.1.1.20
torprojecttor0.1.1.21
torprojecttor0.1.1.22
torprojecttor0.1.1.23
torprojecttor0.1.1.24
torprojecttor0.1.1.25
torprojecttor0.1.1.26
torprojecttor0.1.2.13
torprojecttor0.1.2.14
torprojecttor0.1.2.15
torprojecttor0.1.2.16
torprojecttor0.1.2.17
torprojecttor0.1.2.18
torprojecttor0.1.2.19
torprojecttor0.2.0.30
torprojecttor0.2.0.31
torprojecttor0.2.0.32
torprojecttor0.2.0.33
torprojecttor0.2.0.34
torprojecttor0.2.0.35
torprojecttor0.2.2.18
torprojecttor0.2.2.19
torprojecttor0.2.2.20
torprojecttor0.2.2.21
torprojecttor0.2.2.22
torprojecttor0.2.2.23
torprojecttor0.2.2.24
torprojecttor0.2.2.25
torprojecttor0.2.2.26
torprojecttor0.2.2.27
torprojecttor0.2.2.28
torprojecttor0.2.2.29
torprojecttor0.2.2.30
torprojecttor0.2.2.31
torprojecttor0.2.2.32
torprojecttor0.2.2.33
torprojecttor0.2.2.34
torprojecttor0.2.2.35
torprojecttor0.2.2.36
torprojecttor0.2.2.37
torprojecttor0.2.2.38
torprojecttor0.2.3
torprojecttor0.2.3.13
torprojecttor0.2.3.14
torprojecttor0.2.3.15
torprojecttor0.2.3.16
torprojecttor0.2.3.17
torprojecttor0.2.3.18
torprojecttor0.2.3.19
torprojecttor0.2.3.20
torprojecttor0.2.3.21

References

Community-verified mitigations for this CVE will appear above when contributors publish them.

Verify integrity in audit chain (admin only). AS-IS.