### [CVE-2017-8821](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8821)
![](https://img.shields.io/static/v1?label=Product&message=Tor%20before%200.2.5.16%2C%200.2.6%20through%200.2.8%20before%200.2.8.17%2C%200.2.9%20before%200.2.9.14%2C%200.3.0%20before%200.3.0.13%2C%20and%200.3.1%20before%200.3.1.9&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=application%20hang&color=brighgreen)

### Description

In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, an attacker can cause a denial of service (application hang) via crafted PEM input that signifies a public key requiring a password, which triggers an attempt by the OpenSSL library to ask the user for the password, aka TROVE-2017-011.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/ARPSyndicate/cvemon
- https://github.com/chnzzh/OpenSSL-CVE-lib