VDB
GCVE-110-MAGEIA-2015-151
GCVE-110-MAGEIA-2015-151
Advisory Published
"disgleirio" discovered that a malicious client could trigger an assertion
failure in a Tor instance providing a hidden service, thus rendering the
service inaccessible (CVE-2015-2928).
"DonnchaC" discovered that Tor clients would crash with an assertion failure
upon parsing specially crafted hidden service descriptors (CVE-2015-2929).
Introduction points would accept multiple INTRODUCE1 cells on one circuit,
making it inexpensive for an attacker to overload a hidden service with
introductions. Introduction points now no longer allow multiple cells of
that type on the same circuit.
The tor package has been updated to version 0.2.4.27, fixing these issues.
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Mageia | tor | 0 (affected), 0.2.4.27-1.mga4 (unaffected), 0 (affected), 0.2.4.27-1.mga4 (unaffected) | — |
| Mageia | polkit | 0 (affected), 0.113-1.1.mga5 (unaffected) | — |
Aliases
References
Browse GCVE Records
73,393 records in the GCVE database · Updated July 17, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.