VDB
CVE-2019-8955
CVE-2019-8955
PUBLISHED
In Tor before 0.3.3.12, 0.3.4.x before 0.3.4.11, 0.3.5.x before 0.3.5.8, and 0.4.x before 0.4.0.2-alpha, remote denial of service against Tor clients and relays can occur via memory exhaustion in the KIST cell scheduler.
EPSS 1.81% · 83.1th percentile
Risk Scores
EPSS Score
1.81%
83.1th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:Pro:18.04:LTS | tor | 0, 0.3.0.10-1, 0.3.1.8-2 |
Timeline
- Feb 21, 2019 CVE Published
- Apr 14, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Mar 7, 2023 EPSS Score
- May 19, 2023 EPSS Score
- Aug 4, 2024 CVE Updated
- Mar 17, 2025 EPSS Score
- Mar 19, 2025 EPSS Score
- Mar 28, 2025 EPSS Score
- Mar 29, 2025 EPSS Score
- Apr 5, 2025 EPSS Score
- Apr 7, 2025 EPSS Score
References
- https://ubuntu.com/security/CVE-2019-8955 third-party-advisory
- https://blog.torproject.org/new-releases-tor-0402-alpha-0358-03411-and-03312 third-party-advisory
- https://trac.torproject.org/projects/tor/ticket/29168 third-party-advisory
- https://ubuntu.com/security/notices/USN-5036-1 vendor-advisory
- https://www.cve.org/CVERecord?id=CVE-2019-8955 third-party-advisory