Bug 705192 (CVE-2011-1924) - CVE-2011-1924 tor: remote DoS fixed in
Summary: CVE-2011-1924 tor: remote DoS fixed in
Alias: CVE-2011-1924
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
Depends On: 671263 705193 705194
TreeView+ depends on / blocked
Reported: 2011-05-16 22:20 UTC by Vincent Danen
Modified: 2019-09-29 12:45 UTC (History)
6 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2013-05-31 03:14:18 UTC

Attachments (Terms of Use)

Description Vincent Danen 2011-05-16 22:20:41 UTC
A vulnerability in Tor was reported [1] that could allow a malicious remote attacker to cause a denial of service.  This vulnerability is due to a boundary error within the policy_summarize() function in src/or/policies.c which can be exploited to crash a Tor directory authority.

Upstream announced the release of [2] that is noted to correct this flaw.

[1] http://secunia.com/advisories/43548/
[2] https://lists.torproject.org/pipermail/tor-announce/2011-February/000000.html

Comment 1 Vincent Danen 2011-05-16 22:21:38 UTC
Created tor tracking bugs for this issue

Affects: fedora-13 [bug 705193]
Affects: fedora-14 [bug 705194]
Affects: epel-5 [bug 671263]

Comment 2 Vincent Danen 2011-05-17 04:03:49 UTC
The upstream fix is here:


Comment 3 Vincent Danen 2011-05-17 23:40:48 UTC
This was assigned CVE-2011-1924.

Comment 4 Paul Wouters 2013-05-31 03:14:18 UTC
fixed long time ago

Note You need to log in before you can comment on or make changes to this bug.