Use-After-Free Vulnerability in Tor 0.3.2.x Allows Remote Denial of Service

Use-After-Free Vulnerability in Tor 0.3.2.x Allows Remote Denial of Service

CVE-2018-0491 · MEDIUM Severity

AV:N/AC:L/AU:N/C:N/I:N/A:P

A use-after-free issue was discovered in Tor 0.3.2.x before 0.3.2.10. It allows remote attackers to cause a denial of service (relay crash) because the KIST implementation allows a channel to be added more than once in the pending list.

Learn more about our Web Application Penetration Testing UK.