CVE-2020-15572

7.5 HIGH

📋 TL;DR

This vulnerability is an out-of-bounds memory access in Tor versions before 0.4.3.6 when built with Mozilla NSS. It allows remote attackers to cause a denial of service (crash) of Tor instances. Only Tor instances compiled with NSS instead of OpenSSL are affected.

💻 Affected Systems

Products:
  • Tor
Versions: All versions before 0.4.3.6
Operating Systems: All platforms where Tor is built with NSS
Default Config Vulnerable: ✅ No
Notes: Only affects Tor instances compiled with Mozilla NSS instead of OpenSSL. Most distributions use OpenSSL by default.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case: A remote attacker crashes a Tor relay or exit node, disrupting the anonymity network's services.

🟠 Likely Case: Remote denial of service causing the Tor instance to crash and restart.

🟢 If Mitigated: No impact once patched or when running an OpenSSL build.

🌐 Internet-Facing: HIGH - Tor relays and exit nodes are internet-facing by design
🏢 Internal Only: LOW - Internal Tor clients are less likely to be targeted

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Remote exploitation requires sending crafted traffic to a vulnerable Tor instance.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 0.4.3.6 or later

Vendor Advisory: https://blog.torproject.org/new-release-tor-03511-0428-0436-security-fixes

Restart Required: Yes

Instructions:

1. Update Tor to version 0.4.3.6 or later.
2. Restart the Tor service.
3. Verify the version with 'tor --version'.

🔧 Temporary Workarounds

Switch to OpenSSL build (all platforms)

Recompile Tor with OpenSSL instead of NSS if currently using an NSS build.

Network isolation (all platforms)

Restrict network access to Tor instances to trusted sources only.

🧯 If You Can't Patch

  • Monitor Tor instances for crashes and restart automatically
  • Isolate vulnerable Tor instances from untrusted networks

🔍 How to Verify

Check if Vulnerable:

Run 'tor --version'. An instance is affected only if the reported version is earlier than 0.4.3.6 and the build uses NSS rather than OpenSSL.

Check Version:

tor --version

Verify Fix Applied:

Confirm the version is 0.4.3.6 or later with 'tor --version'.
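The verification steps above as a script. This is an added example, not tooling from the advisory or from the Tor project: it parses a captured 'tor --version' banner, compares the version against 0.4.3.6 numerically (so 0.4.3.10 is not mistaken for something older than 0.4.3.6), and checks which TLS library the banner names. It assumes the banner's first line reads "Tor version X.Y.Z.W." and that builds which report their libraries print a line naming "NSS" or "OpenSSL"; the sample banners are constructed.

```shell
#!/bin/sh
# Added example, not the advisory's own tooling: decide whether a Tor build falls in
# the CVE-2020-15572 affected set (version < 0.4.3.6 AND built against NSS).
#
# Assumption: `tor --version` prints "Tor version X.Y.Z.W." on its first line and, on
# builds that report their libraries, a line such as
# "Tor is running on Linux with Libevent ..., NSS 3.53, Zlib ..." (OpenSSL builds say
# "OpenSSL 1.1.1..." there instead).

FIXED_VERSION="0.4.3.6"

# Extract the dotted version number from `tor --version` output.
# The trailing [0-9] keeps the sentence-ending period out of the match.
parse_tor_version() {
    printf '%s\n' "$1" | sed -n 's/^Tor version \([0-9.]*[0-9]\).*/\1/p' | head -n 1
}

# True (exit 0) when dotted version $1 is numerically lower than $2.
# Missing trailing components count as 0, so 0.4.3 < 0.4.3.6.
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, A, "."); nb = split(b, B, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            x = (i <= na) ? A[i] + 0 : 0
            y = (i <= nb) ? B[i] + 0 : 0
            if (x < y) exit 0
            if (x > y) exit 1
        }
        exit 1
    }'
}

# True when the version banner names NSS as the TLS library.
# Case-sensitive on purpose: a case-insensitive "nss" would also match "OpenSSL".
uses_nss() {
    printf '%s\n' "$1" | grep -q 'NSS'
}

# Print one verdict token for a captured `tor --version` output:
#   vulnerable    NSS build older than 0.4.3.6
#   fixed         NSS build at or past the fix
#   not-affected  OpenSSL build (any version)
#   unknown       version line not recognised
assess_tor_build() {
    ver=$(parse_tor_version "$1")
    if [ -z "$ver" ]; then
        echo unknown
    elif ! uses_nss "$1"; then
        echo not-affected
    elif version_lt "$ver" "$FIXED_VERSION"; then
        echo vulnerable
    else
        echo fixed
    fi
}

# Constructed sample banners (not real captures) covering the three outcomes.
SAMPLE_NSS_OLD='Tor version 0.4.3.5.
Tor is running on Linux with Libevent 2.1.11-stable, NSS 3.53, Zlib 1.2.11, Liblzma 5.2.4, and Libzstd 1.4.4.'
SAMPLE_NSS_FIXED='Tor version 0.4.3.6.
Tor is running on Linux with Libevent 2.1.11-stable, NSS 3.53, Zlib 1.2.11, Liblzma 5.2.4, and Libzstd 1.4.4.'
SAMPLE_OPENSSL_OLD='Tor version 0.4.2.7.
Tor is running on Linux with Libevent 2.1.11-stable, OpenSSL 1.1.1d, Zlib 1.2.11, Liblzma 5.2.4, and Libzstd 1.4.4.'

for s in "$SAMPLE_NSS_OLD" "$SAMPLE_NSS_FIXED" "$SAMPLE_OPENSSL_OLD"; do
    printf '%-8s -> %s\n' "$(parse_tor_version "$s")" "$(assess_tor_build "$s")"
done

# Live check on this host, skipped when tor is not installed.
if command -v tor >/dev/null 2>&1; then
    printf 'this host -> %s\n' "$(assess_tor_build "$(tor --version 2>/dev/null)")"
fi
```

If a build's 'tor --version' output carries only the version line, the TLS library can still be identified from the binary's linked libraries (for example, 'ldd "$(command -v tor)" | grep -i nss' on Linux) or from the startup notice Tor writes to its log, which names the crypto library it was built with.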

📡 Detection & Monitoring

Log Indicators:

  • Tor process crashes
  • Unexpected restarts in Tor logs
  • Segmentation fault errors

Network Indicators:

  • Unusual traffic patterns to Tor ports
  • Connection spikes followed by service disruption

SIEM Query:

process_name:tor AND (event_type:crash OR exit_code:139 OR exit_code:11)
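The log indicators above turned into a runnable check, added here as an example rather than taken from the advisory. It reads journal-style lines from standard input, counts Tor main-process exits caused by SIGSEGV, extracts the highest restart counter systemd recorded, and returns a single verdict token. The sample lines are constructed; the two message shapes matched are assumed to be the ones systemd writes when a unit is killed by a signal and when it schedules a restart, so compare them against your own journal before relying on the patterns. One caveat for the SIEM query above: systemd reports the signal number (status=11/SEGV), while 139 is the shell convention 128+11 for the same event, so both forms are matched here.

```shell
#!/bin/sh
# Added example, not part of the advisory: run the "Log Indicators" over
# journal-style lines. SAMPLE_LOG is constructed; the systemd message formats
# matched below are assumed (verify against a real journal).

SAMPLE_LOG='Jul 09 10:00:01 relay1 systemd[1]: Started Anonymizing overlay network for TCP.
Jul 09 10:05:17 relay1 systemd[1]: tor.service: Main process exited, code=killed, status=11/SEGV
Jul 09 10:05:18 relay1 systemd[1]: tor.service: Scheduled restart job, restart counter is at 1.
Jul 09 10:05:18 relay1 systemd[1]: Started Anonymizing overlay network for TCP.
Jul 09 10:09:42 relay1 sshd[812]: Accepted publickey for ops from 10.0.0.5 port 51022 ssh2
Jul 09 10:11:03 relay1 systemd[1]: tor.service: Main process exited, code=killed, status=11/SEGV
Jul 09 10:11:04 relay1 systemd[1]: tor.service: Scheduled restart job, restart counter is at 2.
Jul 09 10:30:00 relay1 systemd[1]: tor.service: Main process exited, code=exited, status=0/SUCCESS'

# Count Tor exits caused by SIGSEGV: systemd's "status=11/SEGV" or a wrapper
# logging exit code 139 (128 + 11). Reads log lines from stdin; prints a number.
tor_segv_exits() {
    grep -c -E 'tor(\.service)?.*(status=11/SEGV|exit[ _]?code[=: ]139)' || true
}

# Highest restart counter systemd recorded for tor.service (0 when none). Stdin.
tor_max_restart_counter() {
    n=$(sed -n 's/.*tor\.service: Scheduled restart job, restart counter is at \([0-9]*\).*/\1/p' \
        | sort -n | tail -n 1)
    echo "${n:-0}"
}

# Verdict for a log excerpt on stdin: ALERT when SIGSEGV exits reach $1, else OK.
# Detail goes to stderr so the verdict stays a single token for callers.
tor_crash_verdict() {
    threshold="$1"
    log=$(cat)
    crashes=$(printf '%s\n' "$log" | tor_segv_exits)
    restarts=$(printf '%s\n' "$log" | tor_max_restart_counter)
    if [ "$crashes" -ge "$threshold" ]; then
        echo ALERT
    else
        echo OK
    fi
    printf 'segv exits=%s restart counter=%s threshold=%s\n' \
        "$crashes" "$restarts" "$threshold" >&2
}

# Run over the constructed sample: two SIGSEGV exits trip a threshold of 2.
printf '%s\n' "$SAMPLE_LOG" | tor_crash_verdict 2
```

On a systemd host the same functions apply to live data, for example 'journalctl -u tor --since "1 hour ago" | tor_crash_verdict 3'; the threshold separates a one-off crash from the repeated crash-and-restart cycle that the "Likely Case" above describes.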
