CVE-2006-3409

Description

Integer overflow in Tor before 0.1.1.20 allows remote attackers to execute arbitrary code via crafted large inputs, which result in a buffer overflow when elements are added to smartlists.

How to fix CVE-2006-3409

To remediate CVE-2006-3409, upgrade the affected package to a fixed version below.

• Debian/tor—upgrade to 0.1.1.20-1 or later

Is CVE-2006-3409 being exploited?

Moderate — EPSS is 5.4%. Track this CVE but it's not at the top of the prioritisation list.

Affected packages (1)

• from 0, < 0.1.1.20-1

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2006-3409