Ukukhishwa okulungile kwekhithi yamathuluzi ye-Tor (0.3.5.14, 0.4.4.8, 0.4.5.7), okusetshenziselwa ukuhlela ukusebenza kwenethiwekhi engaziwa ye-Tor, kwethulwa. Izinguqulo ezintsha zisusa ubungozi obubili obungasetshenziswa ukwenza ukuhlaselwa kwe-DoS kumanodi enethiwekhi ye-Tor:
- I-CVE-2021-28089 - umhlaseli angabangela ukwenqatshwa kwesevisi kunoma yimaphi ama-Tor node namaklayenti ngokwakha umthwalo omkhulu we-CPU okwenzeka lapho kucutshungulwa izinhlobo ezithile zedatha. Ukuba sengozini kuyingozi kakhulu kumaseva e-relay kanye ne-Directory Authority, okuyizindawo zokuxhuma kunethiwekhi futhi anesibopho sokuqinisekisa nokudlulisela kumsebenzisi uhlu lwamasango acubungula ithrafikhi. Amaseva ohlu yiwona okulula ukuwahlasela ngoba avumela noma ubani ukuthi alayishe idatha. Ukuhlaselwa kokudluliselwa kanye namakhasimende kungahlelwa ngokulanda inqolobane yohla lwemibhalo.
- I-CVE-2021-28090 - umhlaseli angabangela iseva yohla lwemibhalo ukuthi iphahlazeke ngokudlulisela isiginesha ehlukanisiwe eklanywe ngokukhethekile, esetshenziselwa ukudlulisa ulwazi mayelana nesimo sokuvumelana kunethiwekhi.
Source: opennet.ru