CVE-2017-0380
Description
The rend_service_intro_established function in or/rendservice.c in Tor before 0.2.8.15, 0.2.9.x before 0.2.9.12, 0.3.0.x before 0.3.0.11, 0.3.1.x before 0.3.1.7, and 0.3.2.x before 0.3.2.1-alpha, when SafeLogging is disabled, allows attackers to obtain sensitive information by leveraging access to the log files of a hidden service, because uninitialized stack data is included in an error message about construction of an introduction point circuit.
Predictions
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No mitigations published for this CVE yet.
The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or โ if you've already worked around this in production โ publish your fix to the community-verified tier.
โ Propose a mitigation on Community โ Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here withsource_tier=community-verified.
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| sles | affected | | |
| debian | bookworm | fixed | 0.3.1.7-1 |
| debian | bullseye | fixed | 0.3.1.7-1 |
| debian | forky | fixed | 0.3.1.7-1 |
| debian | sid | fixed | 0.3.1.7-1 |
| debian | trixie | fixed | 0.3.1.7-1 |
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| torproject | tor | {"endIncluding":"0.2.8.14"} | |
| torproject | tor | 0.2.9.0 | |
| torproject | tor | 0.2.9.1 | |
| torproject | tor | 0.2.9.2 | |
| torproject | tor | 0.2.9.3 | |
| torproject | tor | 0.2.9.4 | |
| torproject | tor | 0.2.9.5 | |
| torproject | tor | 0.2.9.6 | |
| torproject | tor | 0.2.9.8 | |
| torproject | tor | 0.2.9.9 | |
| torproject | tor | 0.2.9.10 | |
| torproject | tor | 0.2.9.11 | |
| torproject | tor | 0.3.0.0 | |
| torproject | tor | 0.3.0.1 | |
| torproject | tor | 0.3.0.2 | |
| torproject | tor | 0.3.0.3 | |
| torproject | tor | 0.3.0.4 | |
| torproject | tor | 0.3.0.5 | |
| torproject | tor | 0.3.0.6 | |
| torproject | tor | 0.3.0.7 | |
| torproject | tor | 0.3.0.8 | |
| torproject | tor | 0.3.0.9 | |
| torproject | tor | 0.3.0.10 | |
| torproject | tor | 0.3.1.1 | |
| torproject | tor | 0.3.1.2 | |
| torproject | tor | 0.3.1.3 | |
| torproject | tor | 0.3.1.4 | |
| torproject | tor | 0.3.1.5 | |
| torproject | tor | 0.3.1.6 | |
| torproject | tor | 0.3.2 | |
References
- http://www.debian.org/security/2017/dsa-3993
- http://www.securitytracker.com/id/1039519
- https://github.com/torproject/tor/commit/09ea89764a4d3a907808ed7d4fe42abfe64bd486
- https://trac.torproject.org/projects/tor/ticket/23490
- https://www.suse.com/security/cve/CVE-2017-0380.html
- https://security-tracker.debian.org/tracker/CVE-2017-0380
CWEs
CWE-532
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.