CVE-2012-4419
EPSS 1.6%
Description
The compare_tor_addr_to_addr_policy function in or/policies.c in Tor before 0.2.2.39, and 0.2.3.x before 0.2.3.21-rc, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a zero-valued port field that is not properly handled during policy comparison.
How to fix CVE-2012-4419
To remediate CVE-2012-4419, upgrade the affected package to a fixed version below.
- Debian/tor—upgrade to 0.2.3.22-rc-1 or later
Is CVE-2012-4419 being exploited?
Low — EPSS is 1.6%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 0.2.3.22-rc-1