Kururamisa kuburitswa kweTor toolkit (0.3.5.14, 0.4.4.8, 0.4.5.7), inoshandiswa kuronga kushanda kweTor anonymous network, inoratidzwa. Idzi shanduro itsva dzinobvisa kusagadzikana kuviri kunogona kushandiswa kuita kurwisa kweDoS paTor network node:
- CVE-2021-28089 - anorwisa anogona kukonzera kuramba sevhisi kune chero maTor node uye vatengi nekugadzira yakakura CPU mutoro unoitika kana uchigadzira mamwe marudzi e data. Kusagadzikana kune njodzi zvakanyanya kune relays uye Directory Authority maseva, ari mapoinzi ekubatanidza kunetiweki uye ane basa rekuona uye kuendesa kune mushandisi runyorwa rwemagedhi anoita traffic. Directory maseva ndiwo ari nyore kurwisa nekuti anotendera chero munhu kurodha data. Kurwiswa kunopesana nerelays uye vatengi vanogona kurongeka nekurodha dhairekitori cache.
- CVE-2021-28090 - munhu anorwisa anogona kuita kuti dhairekitori server iparare nekutumira yakanyatsogadzirirwa yakavharirwa siginecha, iyo inoshandiswa kuendesa ruzivo nezve mamiriro ekubvumirana panetiweki.
Source: opennet.ru