Fix an out-of-bounds memory access in v3 onion service descriptor parsing. An attacker could exploit this bug by crafting an onion service descriptor that would crash any client that tried to visit it. Fixes bug 40392; bugfix on 0.3.0.1-alpha. This issue is also tracked as TROVE-2021-006 and CVE-2021-34550. Reported by Sergei Glazunov from Google's Project Zero. References: https://lists.torproject.org/pipermail/tor-announce/2021-June/000220.html https://lists.torproject.org/pipermail/tor-announce/2021-June/000221.html
Created tor tracking bugs for this issue: Affects: epel-all [bug 1972887] Affects: fedora-all [bug 1972886]
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.