Tor before 0.3.5.10, 0.4.x before 0.4.1.9, and 0.4.2.x before 0.4.2.7 allows remote attackers to cause a Denial of Service (CPU consumption), aka TROVE-2020-002. Upstream Issue: https://trac.torproject.org/projects/tor/ticket/33120
Created tor tracking bugs for this issue: Affects: epel-all [bug 1829203]
All version in all our supported releases are on a version with fixes for that CVE