| Title | Tor ≤ 0.4.8 Memory Management vulnerability |
|---|
| Description | Tor Descriptor Memory Fragmentation Vulnerability allows attackers to measure the physical memory capacity of Tor nodes by exploiting descriptor uploads that reach the cache threshold and trigger cache flush events, and subsequently disable them by abusing the descriptor update mechanism to induce large amounts of not-adjacent memory fragmentation in the glibc ptmalloc allocator that Tor relies on. This attack reliably forces Tor nodes with less than 8GB of RAM into an Out-Of-Memory crash and has the potential to disable nodes with greater memory under sustained conditions. |
|---|
| Source | ⚠️ https://github.com/chunmianwang/Tordos |
|---|
| User | wocanmei (UID 89391) |
|---|
| Submission | 08/23/2025 14:49 (10 months ago) |
|---|
| Moderation | 09/18/2025 15:57 (26 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 324814 [Tor up to 0.4.7.16/0.4.8.17 Onion Service Descriptor resource consumption] |
|---|
| Points | 20 |
|---|