CVE-2012-4922

Description

The tor_timegm function in common/util.c in Tor before 0.2.2.39, and 0.2.3.x before 0.2.3.22-rc, does not properly validate time values, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a malformed directory object, a different vulnerability than CVE-2012-4419.

How to fix CVE-2012-4922

To remediate CVE-2012-4922, upgrade the affected package to a fixed version below.

• Debian/tor—upgrade to 0.2.3.22-rc-1 or later

Is CVE-2012-4922 being exploited?

Low — EPSS is 4.2%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0, < 0.2.3.22-rc-1

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2012-4922