CVE-2012-3519 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3519):
routerlist.c in Tor before 0.2.2.38 uses a different amount of time for
relay-list iteration depending on which relay is chosen, which might allow
remote attackers to obtain sensitive information about relay selection via a
timing side-channel attack.
CVE-2012-3518 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3518):
The networkstatus_parse_vote_from_string function in routerparse.c in Tor
before 0.2.2.38 does not properly handle an invalid flavor name, which
allows remote attackers to cause a denial of service (out-of-bounds read and
daemon crash) via a crafted (1) vote document or (2) consensus document.
CVE-2012-3517 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3517):
Use-after-free vulnerability in dns.c in Tor before 0.2.2.38 might allow
remote attackers to cause a denial of service (daemon crash) via vectors
related to failed DNS requests.
CVE-2012-3519 (http:// nvd.nist. gov/nvd. cfm?cvename= CVE-2012- 3519):
routerlist.c in Tor before 0.2.2.38 uses a different amount of time for
relay-list iteration depending on which relay is chosen, which might allow
remote attackers to obtain sensitive information about relay selection via a
timing side-channel attack.
CVE-2012-3518 (http:// nvd.nist. gov/nvd. cfm?cvename= CVE-2012- 3518): parse_vote_ from_string function in routerparse.c in Tor
The networkstatus_
before 0.2.2.38 does not properly handle an invalid flavor name, which
allows remote attackers to cause a denial of service (out-of-bounds read and
daemon crash) via a crafted (1) vote document or (2) consensus document.
CVE-2012-3517 (http:// nvd.nist. gov/nvd. cfm?cvename= CVE-2012- 3517):
Use-after-free vulnerability in dns.c in Tor before 0.2.2.38 might allow
remote attackers to cause a denial of service (daemon crash) via vectors
related to failed DNS requests.