MidnightBSD

Advisories for torproject

CVE-2012-2249 MEDIUM

Tor before 0.2.3.23-rc allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a renegotiation attempt that occurs after the initiation of the V3 link protocol.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
torproject tor 0.2.3.16
torproject tor 0.0.7.1
torproject tor 0.2.0.35
torproject tor *
torproject tor 0.0.8.1
torproject tor 0.2.2.24
torproject tor 0.2.2.20
torproject tor 0.2.3.18
torproject tor 0.0.7.3
torproject tor 0.0.9.6
torproject tor 0.1.1.21
torproject tor 0.2.2.35
torproject tor 0.2.2.37
torproject tor 0.1.0.14
torproject tor 0.2.2.30
torproject tor 0.2.3.15
torproject tor 0.2.3.21
torproject tor 0.2.2.25
torproject tor 0.2.2.34
torproject tor 0.2.3.14
torproject tor 0.2.3.13
torproject tor 0.1.0.16
torproject tor 0.2.0.30
torproject tor 0.2.3
torproject tor 0.2.2.32
torproject tor 0.2.2.36
torproject tor 0.1.0.17
torproject tor 0.2.2.31
torproject tor 0.2.2.27
torproject tor 0.0.7
torproject tor 0.1.2.13
torproject tor 0.2.2.23
torproject tor 0.0.9.9
torproject tor 0.0.9.10
torproject tor 0.0.6
torproject tor 0.2.0.32
torproject tor 0.0.6.1
torproject tor 0.1.1.20
torproject tor 0.2.0.33
torproject tor 0.2.2.21
torproject tor 0.2.2.26
torproject tor 0.2.2.29
torproject tor 0.1.0.11
torproject tor 0.1.0.15
torproject tor 0.2.3.17
torproject tor 0.1.1.23
torproject tor 0.0.3
torproject tor 0.0.9.1
torproject tor 0.0.9.5
torproject tor 0.0.2
torproject tor 0.1.2.15
torproject tor 0.1.2.17
torproject tor 0.2.2.19
torproject tor 0.0.9.3
torproject tor 0.1.2.14
torproject tor 0.1.2.16
torproject tor 0.0.4
torproject tor 0.0.6.2
torproject tor 0.2.0.34
torproject tor 0.2.2.18
torproject tor 0.2.3.19
torproject tor 0.2.2.33
torproject tor 0.1.1.25
torproject tor 0.0.7.2
torproject tor 0.1.0.12
torproject tor 0.2.2.38
torproject tor 0.1.2.18
torproject tor 0.1.0.13
torproject tor 0.2.3.20
torproject tor 0.1.1.26
torproject tor 0.0.9.7
torproject tor 0.2.2.28
torproject tor 0.0.5
torproject tor 0.1.1.22
torproject tor 0.2.2.22
torproject tor 0.0.9.8
torproject tor 0.0.9.2
torproject tor 0.0.9.4
torproject tor 0.1.0.10
torproject tor 0.1.1.24
torproject tor 0.1.2.19
torproject tor 0.2.0.31
CVE-2012-2250 MEDIUM

Tor before 0.2.3.24-rc allows remote attackers to cause a denial of service (assertion failure and daemon exit) by performing link protocol negotiation incorrectly.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
torproject tor 0.2.3.16
torproject tor 0.0.7.1
torproject tor 0.2.0.35
torproject tor *
torproject tor 0.0.8.1
torproject tor 0.2.2.24
torproject tor 0.2.2.20
torproject tor 0.2.3.18
torproject tor 0.0.7.3
torproject tor 0.0.9.6
torproject tor 0.1.1.21
torproject tor 0.2.2.35
torproject tor 0.2.2.37
torproject tor 0.1.0.14
torproject tor 0.2.2.30
torproject tor 0.2.3.15
torproject tor 0.2.3.21
torproject tor 0.2.2.25
torproject tor 0.2.2.34
torproject tor 0.2.3.14
torproject tor 0.2.3.13
torproject tor 0.1.0.16
torproject tor 0.2.0.30
torproject tor 0.2.3
torproject tor 0.2.2.32
torproject tor 0.2.2.36
torproject tor 0.1.0.17
torproject tor 0.2.2.31
torproject tor 0.2.2.27
torproject tor 0.2.3.22
torproject tor 0.0.7
torproject tor 0.1.2.13
torproject tor 0.2.2.23
torproject tor 0.0.9.9
torproject tor 0.0.9.10
torproject tor 0.0.6
torproject tor 0.2.0.32
torproject tor 0.0.6.1
torproject tor 0.1.1.20
torproject tor 0.2.0.33
torproject tor 0.2.2.21
torproject tor 0.2.2.26
torproject tor 0.2.2.29
torproject tor 0.1.0.11
torproject tor 0.1.0.15
torproject tor 0.2.3.17
torproject tor 0.1.1.23
torproject tor 0.0.3
torproject tor 0.0.9.1
torproject tor 0.0.9.5
torproject tor 0.0.2
torproject tor 0.1.2.15
torproject tor 0.1.2.17
torproject tor 0.2.2.19
torproject tor 0.0.9.3
torproject tor 0.1.2.14
torproject tor 0.1.2.16
torproject tor 0.0.4
torproject tor 0.0.6.2
torproject tor 0.2.0.34
torproject tor 0.2.2.18
torproject tor 0.2.3.19
torproject tor 0.2.2.33
torproject tor 0.1.1.25
torproject tor 0.0.7.2
torproject tor 0.1.0.12
torproject tor 0.2.2.38
torproject tor 0.1.2.18
torproject tor 0.1.0.13
torproject tor 0.2.3.20
torproject tor 0.1.1.26
torproject tor 0.0.9.7
torproject tor 0.2.2.28
torproject tor 0.0.5
torproject tor 0.1.1.22
torproject tor 0.2.2.22
torproject tor 0.0.9.8
torproject tor 0.0.9.2
torproject tor 0.0.9.4
torproject tor 0.1.0.10
torproject tor 0.1.1.24
torproject tor 0.1.2.19
torproject tor 0.2.0.31
CVE-2013-7295 MEDIUM

Tor before 0.2.4.20, when OpenSSL 1.x is used in conjunction with a certain HardwareAccel setting on Intel Sandy Bridge and Ivy Bridge platforms, does not properly generate random numbers for (1) relay identity keys and (2) hidden-service identity keys, which might make it easier for remote attackers to bypass cryptographic protection mechanisms via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-310,

Products Affected

Vendor Product Version
torproject tor 0.2.4.1
torproject tor 0.2.4.3
torproject tor 0.2.4.10
torproject tor 0.2.4.11
torproject tor 0.2.4.2
torproject tor 0.2.4.14
torproject tor *
torproject tor 0.2.4.7
torproject tor 0.2.4.13
torproject tor 0.2.4.16
torproject tor 0.2.4.18
torproject tor 0.2.4.12
torproject tor 0.2.4.5
torproject tor 0.2.4.8
torproject tor 0.2.4.15
torproject tor 0.2.4.4
torproject tor 0.2.4.6
torproject tor 0.2.4.9
torproject tor 0.2.4.17
CVE-2014-5117 MEDIUM

Tor before 0.2.4.23 and 0.2.5 before 0.2.5.6-alpha maintains a circuit after an inbound RELAY_EARLY cell is received by a client, which makes it easier for remote attackers to conduct traffic-confirmation attacks by using the pattern of RELAY and RELAY_EARLY cells as a means of communicating information about hidden service names.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
torproject tor 0.2.4.20
torproject tor 0.2.3.16
torproject tor 0.2.4.11
torproject tor *
torproject tor 0.2.3.18
torproject tor 0.0.9.6
torproject tor 0.1.1.21
torproject tor 0.2.2.37
torproject tor 0.1.0.14
torproject tor 0.2.4.8
torproject tor 0.2.3.21
torproject tor 0.2.3.14
torproject tor 0.2.3.13
torproject tor 0.2.4.17
torproject tor 0.2.3
torproject tor 0.2.2.32
torproject tor 0.2.3.22
torproject tor 0.0.7
torproject tor 0.0.9.10
torproject tor 0.2.0.33
torproject tor 0.2.5.3
torproject tor 0.2.2.29
torproject tor 0.2.4.12
torproject tor 0.1.0.15
torproject tor 0.1.1.23
torproject tor 0.0.9.1
torproject tor 0.0.9.5
torproject tor 0.2.4.10
torproject tor 0.1.2.15
torproject tor 0.0.9.3
torproject tor 0.1.2.14
torproject tor 0.1.2.16
torproject tor 0.2.4.13
torproject tor 0.0.4
torproject tor 0.2.0.34
torproject tor 0.2.4.18
torproject tor 0.2.2.33
torproject tor 0.1.0.12
torproject tor 0.2.2.38
torproject tor 0.1.2.18
torproject tor 0.1.0.13
torproject tor 0.2.4.3
torproject tor 0.2.3.20
torproject tor 0.2.4.14
torproject tor 0.2.5.4
torproject tor 0.2.3.23
torproject tor 0.1.1.22
torproject tor 0.0.9.8
torproject tor 0.0.9.2
torproject tor 0.0.9.4
torproject tor 0.1.0.10
torproject tor 0.2.4.9
torproject tor 0.2.3.24
torproject tor 0.1.2.19
torproject tor 0.0.7.1
torproject tor 0.2.0.35
torproject tor 0.0.8.1
torproject tor 0.2.2.24
torproject tor 0.2.2.20
torproject tor 0.0.7.3
torproject tor 0.2.2.35
torproject tor 0.2.2.30
torproject tor 0.2.3.15
torproject tor 0.2.4.15
torproject tor 0.2.4.4
torproject tor 0.2.2.25
torproject tor 0.2.2.34
torproject tor 0.1.0.16
torproject tor 0.2.0.30
torproject tor 0.2.2.36
torproject tor 0.1.0.17
torproject tor 0.2.2.31
torproject tor 0.2.2.27
torproject tor 0.2.4.2
torproject tor 0.1.2.13
torproject tor 0.2.2.23
torproject tor 0.0.9.9
torproject tor 0.2.4.19
torproject tor 0.0.6
torproject tor 0.2.0.32
torproject tor 0.0.6.1
torproject tor 0.1.1.20
torproject tor 0.2.2.21
torproject tor 0.2.2.26
torproject tor 0.2.4.16
torproject tor 0.1.0.11
torproject tor 0.2.3.17
torproject tor 0.0.3
torproject tor 0.2.5.5
torproject tor 0.0.2
torproject tor 0.1.2.17
torproject tor 0.2.2.19
torproject tor 0.0.6.2
torproject tor 0.2.2.18
torproject tor 0.2.3.19
torproject tor 0.2.4.6
torproject tor 0.1.1.25
torproject tor 0.0.7.2
torproject tor 0.2.4.1
torproject tor 0.2.5.2
torproject tor 0.1.1.26
torproject tor 0.2.4.7
torproject tor 0.0.9.7
torproject tor 0.2.2.28
torproject tor 0.0.5
torproject tor 0.2.2.22
torproject tor 0.2.4.5
torproject tor 0.1.1.24
torproject tor 0.2.0.31
CVE-2015-2688 MEDIUM

buf_pullup in Tor before 0.2.4.26 and 0.2.5.x before 0.2.5.11 does not properly handle unexpected arrival times of buffers with invalid layouts, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via crafted packets.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-755,

Products Affected

Vendor Product Version
torproject tor *
CVE-2015-2689 MEDIUM

Tor before 0.2.4.26 and 0.2.5.x before 0.2.5.11 does not properly handle pending-connection resolve states during periods of high DNS load, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via crafted packets.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
torproject tor *
CVE-2015-2928 MEDIUM

The Hidden Service (HS) server implementation in Tor before 0.2.4.27, 0.2.5.x before 0.2.5.12, and 0.2.6.x before 0.2.6.7 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
torproject tor *
CVE-2015-2929 MEDIUM

The Hidden Service (HS) client implementation in Tor before 0.2.4.27, 0.2.5.x before 0.2.5.12, and 0.2.6.x before 0.2.6.7 allows remote servers to cause a denial of service (assertion failure and application exit) via a malformed HS descriptor.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
torproject tor *
CVE-2016-1254 MEDIUM

Tor before 0.2.8.12 might allow remote attackers to cause a denial of service (client crash) via a crafted hidden service descriptor.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
debian debian_linux 8.0
debian debian_linux 9.0
torproject tor *
opensuse opensuse 13.2
fedoraproject fedora 24
opensuse leap 42.2
opensuse_project leap 42.1
fedoraproject fedora 25
CVE-2016-8860 MEDIUM

Tor before 0.2.8.9 and 0.2.9.x before 0.2.9.4-alpha had internal functions that were entitled to expect that buf_t data had NUL termination, but the implementation of or/buffers.c did not ensure that NUL termination was present, which allows remote attackers to cause a denial of service (client, hidden service, relay, or authority crash) via crafted data.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
torproject tor *
torproject tor 0.2.9.0
torproject tor 0.2.9.2
torproject tor 0.2.9.1
torproject tor 0.2.9.3
CVE-2016-9079 MEDIUM

A use-after-free vulnerability in SVG Animation has been discovered. An exploit built on this vulnerability has been discovered in the wild targeting Firefox and Tor Browser users on Windows. This vulnerability affects Firefox < 50.0.2, Firefox ESR < 45.5.1, and Thunderbird < 45.5.1.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-416,CWE-416,

Products Affected

Vendor Product Version
redhat enterprise_linux_server_eus 7.3
redhat enterprise_linux 6.0
mozilla thunderbird *
redhat enterprise_linux_server_eus 7.5
redhat enterprise_linux_workstation 5.0
redhat enterprise_linux_server 6.0
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux_server 5.0
redhat enterprise_linux 7.0
redhat enterprise_linux_desktop 6.0
mozilla firefox_esr *
redhat enterprise_linux 5.0
redhat enterprise_linux_server 7.0
mozilla firefox *
redhat enterprise_linux_server_aus 7.3
debian debian_linux 9.0
redhat enterprise_linux_server_eus 7.4
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_desktop 5.0
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_desktop 7.0
torproject tor -
CVE-2017-0375 MEDIUM

The hidden-service feature in Tor before 0.3.0.8 allows a denial of service (assertion failure and daemon exit) in the relay_send_end_cell_from_edge_ function via a malformed BEGIN cell.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-617,

Products Affected

Vendor Product Version
torproject tor *
CVE-2017-0376 MEDIUM

The hidden-service feature in Tor before 0.3.0.8 allows a denial of service (assertion failure and daemon exit) in the connection_edge_process_relay_cell function via a BEGIN_DIR cell on a rendezvous circuit.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-617,

Products Affected

Vendor Product Version
debian debian_linux 8.0
debian debian_linux 9.0
torproject tor *
CVE-2017-0377 MEDIUM

Tor 0.3.x before 0.3.0.9 has a guard-selection algorithm that only considers the exit relay (not the exit relay's family), which might allow remote attackers to defeat intended anonymity properties by leveraging the existence of large families.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
torproject tor 0.3.0.2
torproject tor 0.3.0.7
torproject tor 0.3.0.6
torproject tor 0.3.0.3
torproject tor 0.3.0.5
torproject tor 0.3.0.4
torproject tor 0.3.0.8
torproject tor 0.3.0.1
CVE-2017-0380 MEDIUM

The rend_service_intro_established function in or/rendservice.c in Tor before 0.2.8.15, 0.2.9.x before 0.2.9.12, 0.3.0.x before 0.3.0.11, 0.3.1.x before 0.3.1.7, and 0.3.2.x before 0.3.2.1-alpha, when SafeLogging is disabled, allows attackers to obtain sensitive information by leveraging access to the log files of a hidden service, because uninitialized stack data is included in an error message about construction of an introduction point circuit.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-532,

Products Affected

Vendor Product Version
torproject tor 0.3.0.7
torproject tor 0.2.9.9
torproject tor *
torproject tor 0.2.9.0
torproject tor 0.3.0.3
torproject tor 0.3.0.0
torproject tor 0.3.0.9
torproject tor 0.2.9.2
torproject tor 0.3.0.10
torproject tor 0.2.9.1
torproject tor 0.2.9.6
torproject tor 0.3.1.3
torproject tor 0.3.0.4
torproject tor 0.3.0.8
torproject tor 0.3.0.1
torproject tor 0.2.9.5
torproject tor 0.3.1.5
torproject tor 0.3.0.6
torproject tor 0.3.1.2
torproject tor 0.2.9.8
torproject tor 0.2.9.3
torproject tor 0.3.1.6
torproject tor 0.3.2
torproject tor 0.3.0.2
torproject tor 0.3.1.1
torproject tor 0.3.1.4
torproject tor 0.3.0.5
torproject tor 0.2.9.10
torproject tor 0.2.9.4
torproject tor 0.2.9.11
CVE-2017-16541 MEDIUM

Tor Browser before 7.0.9 on macOS and Linux allows remote attackers to bypass the intended anonymity feature and discover a client IP address via vectors involving a crafted web site that leverages file:// mishandling in Firefox, aka TorMoil. NOTE: Tails is unaffected.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
redhat enterprise_linux_eus 7.5
redhat enterprise_linux_server_tus 7.7
redhat enterprise_linux_server 6.0
torproject tor *
redhat enterprise_linux_server_aus 7.7
redhat enterprise_linux_eus 7.6
redhat enterprise_linux_desktop 6.0
redhat enterprise_linux_server_tus 7.6
redhat enterprise_linux_server 7.0
redhat enterprise_linux_server_aus 7.6
debian debian_linux 8.0
debian debian_linux 9.0
redhat enterprise_linux_eus 7.7
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_desktop 7.0
CVE-2017-16639 MEDIUM

Tor Browser on Windows before 8.0 allows remote attackers to bypass the intended anonymity feature and discover a client IP address, a different vulnerability than CVE-2017-16541. User interaction is required to trigger this vulnerability.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
torproject tor_browser *
CVE-2018-0490 MEDIUM

An issue was discovered in Tor before 0.2.9.15, 0.3.1.x before 0.3.1.10, and 0.3.2.x before 0.3.2.10. The directory-authority protocol-list subprotocol implementation allows remote attackers to cause a denial of service (NULL pointer dereference and directory-authority crash) via a misformatted relay descriptor that is mishandled during voting.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
torproject tor 0.3.2.3
torproject tor 0.3.1.5
torproject tor 0.3.2.2
torproject tor 0.3.2.7
torproject tor 0.3.1.2
torproject tor *
torproject tor 0.3.2.8
torproject tor 0.3.1.6
torproject tor 0.3.2.6
torproject tor 0.3.1.1
torproject tor 0.3.1.4
torproject tor 0.3.2.5
debian debian_linux 9.0
torproject tor 0.3.2.9
torproject tor 0.3.1.3
torproject tor 0.3.2.1
torproject tor 0.3.2.4
CVE-2018-0491 MEDIUM

A use-after-free issue was discovered in Tor 0.3.2.x before 0.3.2.10. It allows remote attackers to cause a denial of service (relay crash) because the KIST implementation allows a channel to be added more than once in the pending list.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-416,

Products Affected

Vendor Product Version
torproject tor *
CVE-2018-16983 HIGH

NoScript Classic before 5.1.8.7, as used in Tor Browser 7.x and other products, allows attackers to bypass script blocking via the text/html;/json Content-Type value.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
noscript noscript *
torproject tor_browser *
CVE-2019-12383 MEDIUM

Tor Browser before 8.0.1 has an information exposure vulnerability. It allows remote attackers to detect the browser's UI locale by measuring a button width, even if the user has a "Don't send my language" setting.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N 2.8 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-203,

Products Affected

Vendor Product Version
torproject tor_browser *
CVE-2019-13075 MEDIUM

Tor Browser through 8.5.3 has an information exposure vulnerability. It allows remote attackers to detect the browser's language via vectors involving an IFRAME element, because text in that language is included in the title attribute of a LINK element for a non-HTML page. This is related to a behavior of Firefox before 68.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
torproject tor_browser *
CVE-2019-8955 MEDIUM

In Tor before 0.3.3.12, 0.3.4.x before 0.3.4.11, 0.3.5.x before 0.3.5.8, and 0.4.x before 0.4.0.2-alpha, remote denial of service against Tor clients and relays can occur via memory exhaustion in the KIST cell scheduler.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-770,

Products Affected

Vendor Product Version
torproject tor 0.3.4.2
torproject tor 0.3.5.5
torproject tor 0.3.4.3
torproject tor 0.3.5.3
torproject tor 0.3.5.6
torproject tor 0.3.5.7
torproject tor 0.3.4.5
torproject tor *
torproject tor 0.3.5.1
torproject tor 0.3.5.2
torproject tor 0.3.4.0
torproject tor 0.3.4.1
torproject tor 0.3.5.0
torproject tor 0.3.4.4
torproject tor 0.4.0.1
torproject tor 0.3.4.6
torproject tor 0.3.4.7
torproject tor 0.3.5.4
CVE-2020-10592 HIGH

Tor before 0.3.5.10, 0.4.x before 0.4.1.9, and 0.4.2.x before 0.4.2.7 allows remote attackers to cause a Denial of Service (CPU consumption), aka TROVE-2020-002.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
opensuse backports sle-15
torproject tor *
opensuse leap 15.1
CVE-2020-10593 MEDIUM

Tor before 0.3.5.10, 0.4.x before 0.4.1.9, and 0.4.2.x before 0.4.2.7 allows remote attackers to cause a Denial of Service (memory leak), aka TROVE-2020-004. This occurs in circpad_setup_machine_on_circ because a circuit-padding machine can be negotiated twice on the same circuit.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-401,

Products Affected

Vendor Product Version
opensuse backports_sle 15.0
torproject tor *
opensuse leap 15.1
CVE-2020-15572 MEDIUM

Tor before 0.4.3.6 has an out-of-bounds memory access that allows a remote denial-of-service (crash) attack against Tor instances built to use Mozilla Network Security Services (NSS), aka TROVE-2020-001.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
torproject tor *
torproject tor 0.4.4.0
torproject tor 0.4.4.1
CVE-2020-8516 MEDIUM

The daemon in Tor through 0.4.1.8 and 0.4.2.x through 0.4.2.6 does not verify that a rendezvous node is known before attempting to connect to it, which might make it easier for remote attackers to discover circuit information. NOTE: The network team of Tor claims this is an intended behavior and not a vulnerability

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
torproject tor *
CVE-2021-28089 MEDIUM

Tor before 0.4.5.7 allows a remote participant in the Tor directory protocol to exhaust CPU resources on a target, aka TROVE-2021-001.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-400,

Products Affected

Vendor Product Version
fedoraproject fedora 33
torproject tor 0.4.4.2
torproject tor *
torproject tor 0.4.4.0
torproject tor 0.4.4.1
torproject tor 0.4.4.3
CVE-2021-28090 MEDIUM

Tor before 0.4.5.7 allows a remote attacker to cause Tor directory authorities to exit with an assertion failure, aka TROVE-2021-002.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-617,

Products Affected

Vendor Product Version
fedoraproject fedora 33
torproject tor 0.4.4.2
torproject tor *
torproject tor 0.4.4.0
torproject tor 0.4.4.1
torproject tor 0.4.4.3
CVE-2021-34548 MEDIUM

An issue was discovered in Tor before 0.4.6.5, aka TROVE-2021-003. An attacker can forge RELAY_END or RELAY_RESOLVED to bypass the intended access control for ending a stream.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-290,

Products Affected

Vendor Product Version
torproject tor *
CVE-2021-34549 MEDIUM

An issue was discovered in Tor before 0.4.6.5, aka TROVE-2021-005. Hashing is mishandled for certain retrieval of circuit data. Consequently. an attacker can trigger the use of an attacker-chosen circuit ID to cause algorithm inefficiency.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-400,

Products Affected

Vendor Product Version
torproject tor *
CVE-2021-34550 MEDIUM

An issue was discovered in Tor before 0.4.6.5, aka TROVE-2021-006. The v3 onion service descriptor parsing allows out-of-bounds memory access, and a client crash, via a crafted onion service descriptor

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
torproject tor *
CVE-2021-38385 MEDIUM

Tor before 0.3.5.16, 0.4.5.10, and 0.4.6.7 mishandles the relationship between batch-signature verification and single-signature verification, leading to a remote assertion failure, aka TROVE-2021-007.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-617,

Products Affected

Vendor Product Version
torproject tor *
CVE-2021-39246 LOW

Tor Browser through 10.5.6 and 11.x through 11.0a4 allows a correlation attack that can compromise the privacy of visits to v2 onion addresses. Exact timestamps of these onion-service visits are logged locally, and an attacker might be able to compare them to timestamp data collected by the destination server (or collected by a rogue site within the Tor network).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N 0.9 5.2

CVSS 2.0

Severity: LOW

Problem Type: CWE-532,

Products Affected

Vendor Product Version
torproject tor_browser *
torproject tor_browser 11.0
CVE-2021-46702 LOW

Tor Browser 9.0.7 on Windows 10 build 10586 is vulnerable to information disclosure. This could allow local attackers to bypass the intended anonymity feature and obtain information regarding the onion services visited by a local user. This can be accomplished by analyzing RAM memory even several hours after the local user used the product. This occurs because the product doesn't properly free memory.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-404,

Products Affected

Vendor Product Version
torproject tor 9.0.7
CVE-2022-33903

Tor 0.4.7.x before 0.4.7.8 allows a denial of service via the wedging of RTT estimation.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
torproject tor *
CVE-2023-23589

The SafeSocks option in Tor before 0.4.7.13 has a logic error in which the unsafe SOCKS4 protocol can be used but not the safe SOCKS4a protocol, aka TROVE-2022-002.

Products Affected

Vendor Product Version
debian debian_linux 11.0
debian debian_linux 10.0
torproject tor *
fedoraproject fedora 36
fedoraproject fedora 37