Tor before 0.2.8.9 and 0.2.9.x before 0.2.9.4-alpha had internal functions that were entitled to expect that buf_t data had NUL termination, but the implementation of or/buffers.c did not ensure that NUL termination was present, which allows remote attackers to cause a denial of service (client, hidden service, relay, or authority crash) via crafted data.
{ "vanir_signatures": [ { "id": "CVE-2016-8860-136d906e", "signature_type": "Function", "digest": { "function_hash": "22593186820255801576422474569215110671", "length": 315.0 }, "target": { "file": "src/or/buffers.c", "function": "chunk_new_with_alloc_size" }, "source": "https://github.com/torproject/tor/commit/3cea86eb2fbb65949673eb4ba8ebb695c87a57ce", "signature_version": "v1", "deprecated": false }, { "id": "CVE-2016-8860-79d0fec3", "signature_type": "Line", "digest": { "line_hashes": [ "289004723955634926807906834757318040946", "94075761601263766780601420860523207458", "164324047798555428198975883255342514038", "7282965595501564071373441955289802481", "37295353440468954510657119217497793437", "214305831132839771238914401379379685227", "209343229010733546158547749042083605496", "238089848631547043989979625511984674068", "113223007826461393026600566447578982332", "220537613119318658477057244932797947359", "104594781595978734730496422554254414632", "83751070911393539366110482153345306487", "133958301266258415063343453188611545326", "307728156606242094957928578559563021545", "311579365181274737159553060262960434443", "279930370491783612651176128733968905662", "165304423490896909399616010187318753993", "146898726585595566627124128914035343892", "54790877542081630509126346124524809027", "168871420743143484611887685249612497111", "303894783877636273418136465352289093211", "311153885815714083416858993756821936128" ], "threshold": 0.9 }, "target": { "file": "src/or/buffers.c" }, "source": "https://github.com/torproject/tor/commit/3cea86eb2fbb65949673eb4ba8ebb695c87a57ce", "signature_version": "v1", "deprecated": false }, { "id": "CVE-2016-8860-aa71b424", "signature_type": "Function", "digest": { "function_hash": "312120741571898846043836785747035318652", "length": 510.0 }, "target": { "file": "src/or/buffers.c", "function": "chunk_grow" }, "source": "https://github.com/torproject/tor/commit/3cea86eb2fbb65949673eb4ba8ebb695c87a57ce", "signature_version": "v1", "deprecated": false } ] }