Introduced overhaul releases of the Tor toolkit (0.3.5.14, 0.4.4.8, 0.4.5.7) used to run the Tor anonymous network … The new versions fix two vulnerabilities that can be used to carry out DoS attacks on Tor network nodes:
- CVE-2021-28089 – an attacker can cause denial of service to any nodes and clients Tor by creating a large load on the CPU that occurs when processing certain types of data. The most dangerous vulnerability is for relays and directory servers (Directory Authority), which are points of connection to the network, are responsible for authenticating and transmitting to the user a list of gateways that handle traffic. Directory servers are the easiest to attack because they allow anyone to upload data. Attacks against relays and clients can be attacked by loading the directory cache.
- CVE-2021-28090 – an attacker can crash the directory server by passing certain detached signatures used to convey information about the state of consensus on the network.
/Media reports.