Fedora 34 update for tor
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 3 |
| CVE-ID | CVE-2021-34548 CVE-2021-34549 CVE-2021-34550 |
| CWE-ID | CWE-200 CWE-399 CWE-125 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
Fedora Operating systems & Components / Operating system tor Operating systems & Components / Operating system package or component |
| Vendor | Fedoraproject |
Security Bulletin
This security bulletin contains information about 3 vulnerabilities.
1) Information disclosure
EUVDB-ID: #VU54229
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2021-34548
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to incorrect processing of user-supplied data. A remote attacker can spoof RELAY_END or RELAY_RESOLVED cell on half-closed streams, which would allow a relay on a circuit to end a stream that wasn't actually built with it.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsFedora: 34
tor: before 0.4.5.9-1.fc34
CPE2.3 External linkshttps://bodhi.fedoraproject.org/updates/FEDORA-2021-1b60c984e5
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Resource management error
EUVDB-ID: #VU54230
Risk: Low
CVSSv4.0: 1.7 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-34549
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within the naive unkeyed hash function. A remote attacker can construct circuits with chosen circuit IDs, to create collisions and make the hash table inefficient, resulting in denial of service condition.
Install updates from vendor's repository.
Vulnerable software versionsFedora: 34
tor: before 0.4.5.9-1.fc34
CPE2.3 External linkshttps://bodhi.fedoraproject.org/updates/FEDORA-2021-1b60c984e5
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Out-of-bounds read
EUVDB-ID: #VU54231
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-34550
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition during v3 onion service descriptor parsing. A remote attacker can create an onion service descriptor that would crash any client that tried to visit it.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsFedora: 34
tor: before 0.4.5.9-1.fc34
CPE2.3 External linkshttps://bodhi.fedoraproject.org/updates/FEDORA-2021-1b60c984e5
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
