An gabatar da gyaran gyare-gyare na kayan aikin Tor (0.3.5.14, 0.4.4.8, 0.4.5.7), waɗanda aka yi amfani da su don tsara ayyukan cibiyar sadarwar Tor. Sabbin sigogin suna kawar da lahani guda biyu waɗanda za a iya amfani da su don aiwatar da hare-haren DoS akan nodes na cibiyar sadarwar Tor:
- CVE-2021-28089 - mai kai hari na iya haifar da ƙin sabis ga kowane nodes na Tor da abokan ciniki ta hanyar ƙirƙirar babban nauyin CPU wanda ke faruwa lokacin sarrafa wasu nau'ikan bayanai. Rashin lahani shine mafi haɗari ga relays da sabar Hukumar Gudanarwa, waɗanda ke da alaƙar haɗin kai zuwa cibiyar sadarwar kuma ke da alhakin tantancewa da watsawa ga mai amfani jerin ƙofofin da ke sarrafa zirga-zirga. Sabbin adireshi sune mafi sauƙin kai hari saboda suna ba kowa damar loda bayanai. Ana iya shirya hari akan relays da abokan ciniki ta hanyar zazzage cache na directory.
- CVE-2021-28090 - mai kai hari zai iya haifar da uwar garken adireshi ta rushe ta hanyar watsa sa hannu na musamman da aka kera, wanda ake amfani da shi don isar da bayanai game da yanayin yarjejeniya akan hanyar sadarwa.
source: budenet.ru