2017-10-16 12:31:07 -04:00
{
"CVE_data_meta" : {
"ASSIGNER" : "security@debian.org" ,
"ID" : "CVE-2017-0380" ,
"STATE" : "PUBLIC"
} ,
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Tor before 0.3.1.7" ,
"version" : {
"version_data" : [
{
"version_value" : "Tor before 0.3.1.7"
}
]
}
}
]
} ,
"vendor_name" : "n/a"
}
]
}
} ,
"data_format" : "MITRE" ,
"data_type" : "CVE" ,
"data_version" : "4.0" ,
"description" : {
"description_data" : [
{
"lang" : "eng" ,
"value" : "The rend_service_intro_established function in or/rendservice.c in Tor before 0.2.8.15, 0.2.9.x before 0.2.9.12, 0.3.0.x before 0.3.0.11, 0.3.1.x before 0.3.1.7, and 0.3.2.x before 0.3.2.1-alpha, when SafeLogging is disabled, allows attackers to obtain sensitive information by leveraging access to the log files of a hidden service, because uninitialized stack data is included in an error message about construction of an introduction point circuit."
}
]
} ,
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng" ,
"value" : "use of uninitialized stack data"
}
]
}
]
} ,
"references" : {
"reference_data" : [
{
2018-04-05 09:33:01 -04:00
"name" : "https://github.com/torproject/tor/commit/09ea89764a4d3a907808ed7d4fe42abfe64bd486" ,
"refsource" : "CONFIRM" ,
2017-10-16 12:31:07 -04:00
"url" : "https://github.com/torproject/tor/commit/09ea89764a4d3a907808ed7d4fe42abfe64bd486"
} ,
{
2018-04-05 09:33:01 -04:00
"name" : "https://trac.torproject.org/projects/tor/ticket/23490" ,
"refsource" : "CONFIRM" ,
2017-10-16 12:31:07 -04:00
"url" : "https://trac.torproject.org/projects/tor/ticket/23490"
2017-10-17 07:03:29 -04:00
} ,
2017-11-05 06:04:47 -05:00
{
2018-04-05 09:33:01 -04:00
"name" : "DSA-3993" ,
"refsource" : "DEBIAN" ,
2017-11-05 06:04:47 -05:00
"url" : "http://www.debian.org/security/2017/dsa-3993"
} ,
2017-10-17 07:03:29 -04:00
{
2018-04-05 09:33:01 -04:00
"name" : "1039519" ,
"refsource" : "SECTRACK" ,
2017-10-17 07:03:29 -04:00
"url" : "http://www.securitytracker.com/id/1039519"
2017-10-16 12:31:07 -04:00
}
]
}
}
