[tor-bugs] #22962 [Core Tor/Tor]: Clarify the security severity of issues that make denial of service easier

Tor Bug Tracker & Wiki blackhole at torproject.org
Thu Nov 30 21:15:37 UTC 2017


#22962: Clarify the security severity of issues that make denial of service easier
--------------------------+------------------------------------
 Reporter:  teor          |          Owner:  nickm
     Type:  task          |         Status:  accepted
 Priority:  Medium        |      Milestone:  Tor: 0.3.3.x-final
Component:  Core Tor/Tor  |        Version:
 Severity:  Normal        |     Resolution:
 Keywords:  docs policy   |  Actual Points:
Parent ID:  #22948        |         Points:
 Reviewer:                |        Sponsor:  SponsorV
--------------------------+------------------------------------

Comment (by teor):

 Seems sensible to me.
 Are we worried that memory disclosure vulnerabilities will ever de-
 anonymise users?
 Remote crashes against clients aren't in our existing list, should they be
 high or critical?

 The last sentence in the critical section should read "… any ability to
 regain root privileges would be critical-severity."

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/22962#comment:6>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list