Resist a hashtable-based CPU denial-of-service attack against relays. Previously we used a naive unkeyed hash function to look up circuits in a circuitmux object. An attacker could exploit this to construct circuits with chosen circuit IDs, to create collisions and make the hash table inefficient. Now we use a SipHash construction here instead. Fixes bug 40391; bugfix on 0.2.4.4-alpha. This issue is also tracked as TROVE-2021-005 and CVE-2021-34549. References: https://lists.torproject.org/pipermail/tor-announce/2021-June/000220.html https://lists.torproject.org/pipermail/tor-announce/2021-June/000221.html
Created tor tracking bugs for this issue: Affects: epel-all [bug 1972883] Affects: fedora-all [bug 1972882]
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.