{"id":"CVE-2018-0490","details":"An issue was discovered in Tor before 0.2.9.15, 0.3.1.x before 0.3.1.10, and 0.3.2.x before 0.3.2.10. The directory-authority protocol-list subprotocol implementation allows remote attackers to cause a denial of service (NULL pointer dereference and directory-authority crash) via a misformatted relay descriptor that is mishandled during voting.","modified":"2026-03-20T11:22:45.881615Z","published":"2018-03-05T15:29:00.207Z","related":["MGASA-2018-0161","openSUSE-SU-2018:0614-1","openSUSE-SU-2018:0620-1","openSUSE-SU-2024:11469-1"],"references":[{"type":"ADVISORY","url":"https://blog.torproject.org/new-stable-tor-releases-security-fixes-and-dos-prevention-03210-03110-02915"},{"type":"ADVISORY","url":"https://trac.torproject.org/projects/tor/ticket/25074"},{"type":"ADVISORY","url":"https://www.debian.org/security/2018/dsa-4183"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/torproject/tor","events":[{"introduced":"0"},{"last_affected":"3f9bd01bf5736ff66af34f05b4611f95fcb7ec51"},{"introduced":"6babd3d9ba9318b38b5af7278875efe84055a1b0"},{"last_affected":"727d3f1b5e6eeda721339151e3cd49ffa7efbb29"},{"introduced":"0"},{"last_affected":"615dbdb0e094d4ef0b1982d06e62a8058463a28a"},{"introduced":"0"},{"last_affected":"61625b8f26384a4a5d407db3f96e343c4dac36f8"},{"introduced":"0"},{"last_affected":"dc47d936d47ffc25dc0b5e59009435cda542d240"},{"introduced":"0"},{"last_affected":"fab91a290ded3e74e806cf9d05b36b6fcb695785"},{"introduced":"0"},{"last_affected":"83389502ee6314658bcddd324c3652543b27da6b"},{"introduced":"0"},{"last_affected":"efc306c59aa9ee1a32d1979df731f25904852709"},{"introduced":"0"},{"last_affected":"290274dbb5428bc5d99926ce5d7f824165be84e8"},{"introduced":"0"},{"last_affected":"e2a2704f17415d8a63eceeaf5508174b1f66d1be"},{"introduced":"0"},{"last_affected":"023d756bfc04c244403ca7fb13e3e077dbe16408"},{"introduced":"0"},{"last_affected":"940308f493edd10ff8de2ef743e6872d1f8a4f9d"},{"introduced":"0"},{"last_affected":"d499a5a708f7298b44dd02389412a0ce3b148f94"},{"introduced":"0"},{"last_affected":"87012d076ef58bb9216c7952e0fd536f124aea68"},{"introduced":"0"},{"last_affected":"304e2151ac96bad8d5f27c63b070b06683d50665"},{"introduced":"0"},{"last_affected":"63b84335dc590499e5f22498383d6a3432e91ec4"},{"introduced":"0"},{"last_affected":"9e8b762fcecfece64aae70ae640aaa59fd227ca5"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"0.2.9.14"},{"introduced":"0.3.1.7"},{"last_affected":"0.3.1.9"},{"introduced":"0"},{"last_affected":"0.3.1.1-alpha"},{"introduced":"0"},{"last_affected":"0.3.1.2-alpha"},{"introduced":"0"},{"last_affected":"0.3.1.3-alpha"},{"introduced":"0"},{"last_affected":"0.3.1.4-alpha"},{"introduced":"0"},{"last_affected":"0.3.1.5-alpha"},{"introduced":"0"},{"last_affected":"0.3.1.6-rc"},{"introduced":"0"},{"last_affected":"0.3.2.1-alpha"},{"introduced":"0"},{"last_affected":"0.3.2.2-alpha"},{"introduced":"0"},{"last_affected":"0.3.2.3-alpha"},{"introduced":"0"},{"last_affected":"0.3.2.4-alpha"},{"introduced":"0"},{"last_affected":"0.3.2.5-alpha"},{"introduced":"0"},{"last_affected":"0.3.2.6-alpha"},{"introduced":"0"},{"last_affected":"0.3.2.7-rc"},{"introduced":"0"},{"last_affected":"0.3.2.8-rc"},{"introduced":"0"},{"last_affected":"0.3.2.9"}]}}],"versions":["tor-0.3.1.7","tor-0.3.1.8","tor-0.3.1.9"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"9.0"}]}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-0490.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}