Tor 0.3.5.16 contains a fix for a remotely triggerable denial-of-service vulnerability.
https://gitweb.torproject.org/tor.git/plain/ChangeLog