buf_pullup in Tor before 0.2.4.26 and 0.2.5.x before 0.2.5.11 does not properly handle unexpected arrival times of buffers with invalid layouts, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via crafted packets.
Software | From | Fixed in |
---|---|---|
torproject / tor | - | 0.2.4.26 |
torproject / tor | 0.2.5.1 | 0.2.5.11 |