Tor before 0.2.3.23-rc allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a renegotiation attempt that occurs after the initiation of the V3 link protocol.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| torproject | tor | 0.2.3.16 |
| torproject | tor | 0.0.7.1 |
| torproject | tor | 0.2.0.35 |
| torproject | tor | * |
| torproject | tor | 0.0.8.1 |
| torproject | tor | 0.2.2.24 |
| torproject | tor | 0.2.2.20 |
| torproject | tor | 0.2.3.18 |
| torproject | tor | 0.0.7.3 |
| torproject | tor | 0.0.9.6 |
| torproject | tor | 0.1.1.21 |
| torproject | tor | 0.2.2.35 |
| torproject | tor | 0.2.2.37 |
| torproject | tor | 0.1.0.14 |
| torproject | tor | 0.2.2.30 |
| torproject | tor | 0.2.3.15 |
| torproject | tor | 0.2.3.21 |
| torproject | tor | 0.2.2.25 |
| torproject | tor | 0.2.2.34 |
| torproject | tor | 0.2.3.14 |
| torproject | tor | 0.2.3.13 |
| torproject | tor | 0.1.0.16 |
| torproject | tor | 0.2.0.30 |
| torproject | tor | 0.2.3 |
| torproject | tor | 0.2.2.32 |
| torproject | tor | 0.2.2.36 |
| torproject | tor | 0.1.0.17 |
| torproject | tor | 0.2.2.31 |
| torproject | tor | 0.2.2.27 |
| torproject | tor | 0.0.7 |
| torproject | tor | 0.1.2.13 |
| torproject | tor | 0.2.2.23 |
| torproject | tor | 0.0.9.9 |
| torproject | tor | 0.0.9.10 |
| torproject | tor | 0.0.6 |
| torproject | tor | 0.2.0.32 |
| torproject | tor | 0.0.6.1 |
| torproject | tor | 0.1.1.20 |
| torproject | tor | 0.2.0.33 |
| torproject | tor | 0.2.2.21 |
| torproject | tor | 0.2.2.26 |
| torproject | tor | 0.2.2.29 |
| torproject | tor | 0.1.0.11 |
| torproject | tor | 0.1.0.15 |
| torproject | tor | 0.2.3.17 |
| torproject | tor | 0.1.1.23 |
| torproject | tor | 0.0.3 |
| torproject | tor | 0.0.9.1 |
| torproject | tor | 0.0.9.5 |
| torproject | tor | 0.0.2 |
| torproject | tor | 0.1.2.15 |
| torproject | tor | 0.1.2.17 |
| torproject | tor | 0.2.2.19 |
| torproject | tor | 0.0.9.3 |
| torproject | tor | 0.1.2.14 |
| torproject | tor | 0.1.2.16 |
| torproject | tor | 0.0.4 |
| torproject | tor | 0.0.6.2 |
| torproject | tor | 0.2.0.34 |
| torproject | tor | 0.2.2.18 |
| torproject | tor | 0.2.3.19 |
| torproject | tor | 0.2.2.33 |
| torproject | tor | 0.1.1.25 |
| torproject | tor | 0.0.7.2 |
| torproject | tor | 0.1.0.12 |
| torproject | tor | 0.2.2.38 |
| torproject | tor | 0.1.2.18 |
| torproject | tor | 0.1.0.13 |
| torproject | tor | 0.2.3.20 |
| torproject | tor | 0.1.1.26 |
| torproject | tor | 0.0.9.7 |
| torproject | tor | 0.2.2.28 |
| torproject | tor | 0.0.5 |
| torproject | tor | 0.1.1.22 |
| torproject | tor | 0.2.2.22 |
| torproject | tor | 0.0.9.8 |
| torproject | tor | 0.0.9.2 |
| torproject | tor | 0.0.9.4 |
| torproject | tor | 0.1.0.10 |
| torproject | tor | 0.1.1.24 |
| torproject | tor | 0.1.2.19 |
| torproject | tor | 0.2.0.31 |
Tor before 0.2.3.24-rc allows remote attackers to cause a denial of service (assertion failure and daemon exit) by performing link protocol negotiation incorrectly.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| torproject | tor | 0.2.3.16 |
| torproject | tor | 0.0.7.1 |
| torproject | tor | 0.2.0.35 |
| torproject | tor | * |
| torproject | tor | 0.0.8.1 |
| torproject | tor | 0.2.2.24 |
| torproject | tor | 0.2.2.20 |
| torproject | tor | 0.2.3.18 |
| torproject | tor | 0.0.7.3 |
| torproject | tor | 0.0.9.6 |
| torproject | tor | 0.1.1.21 |
| torproject | tor | 0.2.2.35 |
| torproject | tor | 0.2.2.37 |
| torproject | tor | 0.1.0.14 |
| torproject | tor | 0.2.2.30 |
| torproject | tor | 0.2.3.15 |
| torproject | tor | 0.2.3.21 |
| torproject | tor | 0.2.2.25 |
| torproject | tor | 0.2.2.34 |
| torproject | tor | 0.2.3.14 |
| torproject | tor | 0.2.3.13 |
| torproject | tor | 0.1.0.16 |
| torproject | tor | 0.2.0.30 |
| torproject | tor | 0.2.3 |
| torproject | tor | 0.2.2.32 |
| torproject | tor | 0.2.2.36 |
| torproject | tor | 0.1.0.17 |
| torproject | tor | 0.2.2.31 |
| torproject | tor | 0.2.2.27 |
| torproject | tor | 0.2.3.22 |
| torproject | tor | 0.0.7 |
| torproject | tor | 0.1.2.13 |
| torproject | tor | 0.2.2.23 |
| torproject | tor | 0.0.9.9 |
| torproject | tor | 0.0.9.10 |
| torproject | tor | 0.0.6 |
| torproject | tor | 0.2.0.32 |
| torproject | tor | 0.0.6.1 |
| torproject | tor | 0.1.1.20 |
| torproject | tor | 0.2.0.33 |
| torproject | tor | 0.2.2.21 |
| torproject | tor | 0.2.2.26 |
| torproject | tor | 0.2.2.29 |
| torproject | tor | 0.1.0.11 |
| torproject | tor | 0.1.0.15 |
| torproject | tor | 0.2.3.17 |
| torproject | tor | 0.1.1.23 |
| torproject | tor | 0.0.3 |
| torproject | tor | 0.0.9.1 |
| torproject | tor | 0.0.9.5 |
| torproject | tor | 0.0.2 |
| torproject | tor | 0.1.2.15 |
| torproject | tor | 0.1.2.17 |
| torproject | tor | 0.2.2.19 |
| torproject | tor | 0.0.9.3 |
| torproject | tor | 0.1.2.14 |
| torproject | tor | 0.1.2.16 |
| torproject | tor | 0.0.4 |
| torproject | tor | 0.0.6.2 |
| torproject | tor | 0.2.0.34 |
| torproject | tor | 0.2.2.18 |
| torproject | tor | 0.2.3.19 |
| torproject | tor | 0.2.2.33 |
| torproject | tor | 0.1.1.25 |
| torproject | tor | 0.0.7.2 |
| torproject | tor | 0.1.0.12 |
| torproject | tor | 0.2.2.38 |
| torproject | tor | 0.1.2.18 |
| torproject | tor | 0.1.0.13 |
| torproject | tor | 0.2.3.20 |
| torproject | tor | 0.1.1.26 |
| torproject | tor | 0.0.9.7 |
| torproject | tor | 0.2.2.28 |
| torproject | tor | 0.0.5 |
| torproject | tor | 0.1.1.22 |
| torproject | tor | 0.2.2.22 |
| torproject | tor | 0.0.9.8 |
| torproject | tor | 0.0.9.2 |
| torproject | tor | 0.0.9.4 |
| torproject | tor | 0.1.0.10 |
| torproject | tor | 0.1.1.24 |
| torproject | tor | 0.1.2.19 |
| torproject | tor | 0.2.0.31 |
Tor before 0.2.4.20, when OpenSSL 1.x is used in conjunction with a certain HardwareAccel setting on Intel Sandy Bridge and Ivy Bridge platforms, does not properly generate random numbers for (1) relay identity keys and (2) hidden-service identity keys, which might make it easier for remote attackers to bypass cryptographic protection mechanisms via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-310,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| torproject | tor | 0.2.4.1 |
| torproject | tor | 0.2.4.3 |
| torproject | tor | 0.2.4.10 |
| torproject | tor | 0.2.4.11 |
| torproject | tor | 0.2.4.2 |
| torproject | tor | 0.2.4.14 |
| torproject | tor | * |
| torproject | tor | 0.2.4.7 |
| torproject | tor | 0.2.4.13 |
| torproject | tor | 0.2.4.16 |
| torproject | tor | 0.2.4.18 |
| torproject | tor | 0.2.4.12 |
| torproject | tor | 0.2.4.5 |
| torproject | tor | 0.2.4.8 |
| torproject | tor | 0.2.4.15 |
| torproject | tor | 0.2.4.4 |
| torproject | tor | 0.2.4.6 |
| torproject | tor | 0.2.4.9 |
| torproject | tor | 0.2.4.17 |
Tor before 0.2.4.23 and 0.2.5 before 0.2.5.6-alpha maintains a circuit after an inbound RELAY_EARLY cell is received by a client, which makes it easier for remote attackers to conduct traffic-confirmation attacks by using the pattern of RELAY and RELAY_EARLY cells as a means of communicating information about hidden service names.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| torproject | tor | 0.2.4.20 |
| torproject | tor | 0.2.3.16 |
| torproject | tor | 0.2.4.11 |
| torproject | tor | * |
| torproject | tor | 0.2.3.18 |
| torproject | tor | 0.0.9.6 |
| torproject | tor | 0.1.1.21 |
| torproject | tor | 0.2.2.37 |
| torproject | tor | 0.1.0.14 |
| torproject | tor | 0.2.4.8 |
| torproject | tor | 0.2.3.21 |
| torproject | tor | 0.2.3.14 |
| torproject | tor | 0.2.3.13 |
| torproject | tor | 0.2.4.17 |
| torproject | tor | 0.2.3 |
| torproject | tor | 0.2.2.32 |
| torproject | tor | 0.2.3.22 |
| torproject | tor | 0.0.7 |
| torproject | tor | 0.0.9.10 |
| torproject | tor | 0.2.0.33 |
| torproject | tor | 0.2.5.3 |
| torproject | tor | 0.2.2.29 |
| torproject | tor | 0.2.4.12 |
| torproject | tor | 0.1.0.15 |
| torproject | tor | 0.1.1.23 |
| torproject | tor | 0.0.9.1 |
| torproject | tor | 0.0.9.5 |
| torproject | tor | 0.2.4.10 |
| torproject | tor | 0.1.2.15 |
| torproject | tor | 0.0.9.3 |
| torproject | tor | 0.1.2.14 |
| torproject | tor | 0.1.2.16 |
| torproject | tor | 0.2.4.13 |
| torproject | tor | 0.0.4 |
| torproject | tor | 0.2.0.34 |
| torproject | tor | 0.2.4.18 |
| torproject | tor | 0.2.2.33 |
| torproject | tor | 0.1.0.12 |
| torproject | tor | 0.2.2.38 |
| torproject | tor | 0.1.2.18 |
| torproject | tor | 0.1.0.13 |
| torproject | tor | 0.2.4.3 |
| torproject | tor | 0.2.3.20 |
| torproject | tor | 0.2.4.14 |
| torproject | tor | 0.2.5.4 |
| torproject | tor | 0.2.3.23 |
| torproject | tor | 0.1.1.22 |
| torproject | tor | 0.0.9.8 |
| torproject | tor | 0.0.9.2 |
| torproject | tor | 0.0.9.4 |
| torproject | tor | 0.1.0.10 |
| torproject | tor | 0.2.4.9 |
| torproject | tor | 0.2.3.24 |
| torproject | tor | 0.1.2.19 |
| torproject | tor | 0.0.7.1 |
| torproject | tor | 0.2.0.35 |
| torproject | tor | 0.0.8.1 |
| torproject | tor | 0.2.2.24 |
| torproject | tor | 0.2.2.20 |
| torproject | tor | 0.0.7.3 |
| torproject | tor | 0.2.2.35 |
| torproject | tor | 0.2.2.30 |
| torproject | tor | 0.2.3.15 |
| torproject | tor | 0.2.4.15 |
| torproject | tor | 0.2.4.4 |
| torproject | tor | 0.2.2.25 |
| torproject | tor | 0.2.2.34 |
| torproject | tor | 0.1.0.16 |
| torproject | tor | 0.2.0.30 |
| torproject | tor | 0.2.2.36 |
| torproject | tor | 0.1.0.17 |
| torproject | tor | 0.2.2.31 |
| torproject | tor | 0.2.2.27 |
| torproject | tor | 0.2.4.2 |
| torproject | tor | 0.1.2.13 |
| torproject | tor | 0.2.2.23 |
| torproject | tor | 0.0.9.9 |
| torproject | tor | 0.2.4.19 |
| torproject | tor | 0.0.6 |
| torproject | tor | 0.2.0.32 |
| torproject | tor | 0.0.6.1 |
| torproject | tor | 0.1.1.20 |
| torproject | tor | 0.2.2.21 |
| torproject | tor | 0.2.2.26 |
| torproject | tor | 0.2.4.16 |
| torproject | tor | 0.1.0.11 |
| torproject | tor | 0.2.3.17 |
| torproject | tor | 0.0.3 |
| torproject | tor | 0.2.5.5 |
| torproject | tor | 0.0.2 |
| torproject | tor | 0.1.2.17 |
| torproject | tor | 0.2.2.19 |
| torproject | tor | 0.0.6.2 |
| torproject | tor | 0.2.2.18 |
| torproject | tor | 0.2.3.19 |
| torproject | tor | 0.2.4.6 |
| torproject | tor | 0.1.1.25 |
| torproject | tor | 0.0.7.2 |
| torproject | tor | 0.2.4.1 |
| torproject | tor | 0.2.5.2 |
| torproject | tor | 0.1.1.26 |
| torproject | tor | 0.2.4.7 |
| torproject | tor | 0.0.9.7 |
| torproject | tor | 0.2.2.28 |
| torproject | tor | 0.0.5 |
| torproject | tor | 0.2.2.22 |
| torproject | tor | 0.2.4.5 |
| torproject | tor | 0.1.1.24 |
| torproject | tor | 0.2.0.31 |
buf_pullup in Tor before 0.2.4.26 and 0.2.5.x before 0.2.5.11 does not properly handle unexpected arrival times of buffers with invalid layouts, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via crafted packets.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-755,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| torproject | tor | * |
Tor before 0.2.4.26 and 0.2.5.x before 0.2.5.11 does not properly handle pending-connection resolve states during periods of high DNS load, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via crafted packets.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| torproject | tor | * |
The Hidden Service (HS) server implementation in Tor before 0.2.4.27, 0.2.5.x before 0.2.5.12, and 0.2.6.x before 0.2.6.7 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| torproject | tor | * |
The Hidden Service (HS) client implementation in Tor before 0.2.4.27, 0.2.5.x before 0.2.5.12, and 0.2.6.x before 0.2.6.7 allows remote servers to cause a denial of service (assertion failure and application exit) via a malformed HS descriptor.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| torproject | tor | * |
Tor before 0.2.8.12 might allow remote attackers to cause a denial of service (client crash) via a crafted hidden service descriptor.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 8.0 |
| debian | debian_linux | 9.0 |
| torproject | tor | * |
| opensuse | opensuse | 13.2 |
| fedoraproject | fedora | 24 |
| opensuse | leap | 42.2 |
| opensuse_project | leap | 42.1 |
| fedoraproject | fedora | 25 |
Tor before 0.2.8.9 and 0.2.9.x before 0.2.9.4-alpha had internal functions that were entitled to expect that buf_t data had NUL termination, but the implementation of or/buffers.c did not ensure that NUL termination was present, which allows remote attackers to cause a denial of service (client, hidden service, relay, or authority crash) via crafted data.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| torproject | tor | * |
| torproject | tor | 0.2.9.0 |
| torproject | tor | 0.2.9.2 |
| torproject | tor | 0.2.9.1 |
| torproject | tor | 0.2.9.3 |
A use-after-free vulnerability in SVG Animation has been discovered. An exploit built on this vulnerability has been discovered in the wild targeting Firefox and Tor Browser users on Windows. This vulnerability affects Firefox < 50.0.2, Firefox ESR < 45.5.1, and Thunderbird < 45.5.1.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-416,CWE-416,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | enterprise_linux_server_eus | 7.3 |
| redhat | enterprise_linux | 6.0 |
| mozilla | thunderbird | * |
| redhat | enterprise_linux_server_eus | 7.5 |
| redhat | enterprise_linux_workstation | 5.0 |
| redhat | enterprise_linux_server | 6.0 |
| redhat | enterprise_linux_server_aus | 7.4 |
| redhat | enterprise_linux_server | 5.0 |
| redhat | enterprise_linux | 7.0 |
| redhat | enterprise_linux_desktop | 6.0 |
| mozilla | firefox_esr | * |
| redhat | enterprise_linux | 5.0 |
| redhat | enterprise_linux_server | 7.0 |
| mozilla | firefox | * |
| redhat | enterprise_linux_server_aus | 7.3 |
| debian | debian_linux | 9.0 |
| redhat | enterprise_linux_server_eus | 7.4 |
| redhat | enterprise_linux_workstation | 6.0 |
| redhat | enterprise_linux_desktop | 5.0 |
| redhat | enterprise_linux_workstation | 7.0 |
| redhat | enterprise_linux_desktop | 7.0 |
| torproject | tor | - |
The hidden-service feature in Tor before 0.3.0.8 allows a denial of service (assertion failure and daemon exit) in the relay_send_end_cell_from_edge_ function via a malformed BEGIN cell.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-617,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| torproject | tor | * |
The hidden-service feature in Tor before 0.3.0.8 allows a denial of service (assertion failure and daemon exit) in the connection_edge_process_relay_cell function via a BEGIN_DIR cell on a rendezvous circuit.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-617,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 8.0 |
| debian | debian_linux | 9.0 |
| torproject | tor | * |
Tor 0.3.x before 0.3.0.9 has a guard-selection algorithm that only considers the exit relay (not the exit relay's family), which might allow remote attackers to defeat intended anonymity properties by leveraging the existence of large families.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| torproject | tor | 0.3.0.2 |
| torproject | tor | 0.3.0.7 |
| torproject | tor | 0.3.0.6 |
| torproject | tor | 0.3.0.3 |
| torproject | tor | 0.3.0.5 |
| torproject | tor | 0.3.0.4 |
| torproject | tor | 0.3.0.8 |
| torproject | tor | 0.3.0.1 |
The rend_service_intro_established function in or/rendservice.c in Tor before 0.2.8.15, 0.2.9.x before 0.2.9.12, 0.3.0.x before 0.3.0.11, 0.3.1.x before 0.3.1.7, and 0.3.2.x before 0.3.2.1-alpha, when SafeLogging is disabled, allows attackers to obtain sensitive information by leveraging access to the log files of a hidden service, because uninitialized stack data is included in an error message about construction of an introduction point circuit.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-532,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| torproject | tor | 0.3.0.7 |
| torproject | tor | 0.2.9.9 |
| torproject | tor | * |
| torproject | tor | 0.2.9.0 |
| torproject | tor | 0.3.0.3 |
| torproject | tor | 0.3.0.0 |
| torproject | tor | 0.3.0.9 |
| torproject | tor | 0.2.9.2 |
| torproject | tor | 0.3.0.10 |
| torproject | tor | 0.2.9.1 |
| torproject | tor | 0.2.9.6 |
| torproject | tor | 0.3.1.3 |
| torproject | tor | 0.3.0.4 |
| torproject | tor | 0.3.0.8 |
| torproject | tor | 0.3.0.1 |
| torproject | tor | 0.2.9.5 |
| torproject | tor | 0.3.1.5 |
| torproject | tor | 0.3.0.6 |
| torproject | tor | 0.3.1.2 |
| torproject | tor | 0.2.9.8 |
| torproject | tor | 0.2.9.3 |
| torproject | tor | 0.3.1.6 |
| torproject | tor | 0.3.2 |
| torproject | tor | 0.3.0.2 |
| torproject | tor | 0.3.1.1 |
| torproject | tor | 0.3.1.4 |
| torproject | tor | 0.3.0.5 |
| torproject | tor | 0.2.9.10 |
| torproject | tor | 0.2.9.4 |
| torproject | tor | 0.2.9.11 |
Tor Browser before 7.0.9 on macOS and Linux allows remote attackers to bypass the intended anonymity feature and discover a client IP address via vectors involving a crafted web site that leverages file:// mishandling in Firefox, aka TorMoil. NOTE: Tails is unaffected.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | enterprise_linux_eus | 7.5 |
| redhat | enterprise_linux_server_tus | 7.7 |
| redhat | enterprise_linux_server | 6.0 |
| torproject | tor | * |
| redhat | enterprise_linux_server_aus | 7.7 |
| redhat | enterprise_linux_eus | 7.6 |
| redhat | enterprise_linux_desktop | 6.0 |
| redhat | enterprise_linux_server_tus | 7.6 |
| redhat | enterprise_linux_server | 7.0 |
| redhat | enterprise_linux_server_aus | 7.6 |
| debian | debian_linux | 8.0 |
| debian | debian_linux | 9.0 |
| redhat | enterprise_linux_eus | 7.7 |
| redhat | enterprise_linux_workstation | 6.0 |
| redhat | enterprise_linux_workstation | 7.0 |
| redhat | enterprise_linux_desktop | 7.0 |
Tor Browser on Windows before 8.0 allows remote attackers to bypass the intended anonymity feature and discover a client IP address, a different vulnerability than CVE-2017-16541. User interaction is required to trigger this vulnerability.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| torproject | tor_browser | * |
An issue was discovered in Tor before 0.2.9.15, 0.3.1.x before 0.3.1.10, and 0.3.2.x before 0.3.2.10. The directory-authority protocol-list subprotocol implementation allows remote attackers to cause a denial of service (NULL pointer dereference and directory-authority crash) via a misformatted relay descriptor that is mishandled during voting.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-476,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| torproject | tor | 0.3.2.3 |
| torproject | tor | 0.3.1.5 |
| torproject | tor | 0.3.2.2 |
| torproject | tor | 0.3.2.7 |
| torproject | tor | 0.3.1.2 |
| torproject | tor | * |
| torproject | tor | 0.3.2.8 |
| torproject | tor | 0.3.1.6 |
| torproject | tor | 0.3.2.6 |
| torproject | tor | 0.3.1.1 |
| torproject | tor | 0.3.1.4 |
| torproject | tor | 0.3.2.5 |
| debian | debian_linux | 9.0 |
| torproject | tor | 0.3.2.9 |
| torproject | tor | 0.3.1.3 |
| torproject | tor | 0.3.2.1 |
| torproject | tor | 0.3.2.4 |
A use-after-free issue was discovered in Tor 0.3.2.x before 0.3.2.10. It allows remote attackers to cause a denial of service (relay crash) because the KIST implementation allows a channel to be added more than once in the pending list.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-416,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| torproject | tor | * |
NoScript Classic before 5.1.8.7, as used in Tor Browser 7.x and other products, allows attackers to bypass script blocking via the text/html;/json Content-Type value.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| noscript | noscript | * |
| torproject | tor_browser | * |
Tor Browser before 8.0.1 has an information exposure vulnerability. It allows remote attackers to detect the browser's UI locale by measuring a button width, even if the user has a "Don't send my language" setting.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N | 2.8 | 1.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-203,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| torproject | tor_browser | * |
Tor Browser through 8.5.3 has an information exposure vulnerability. It allows remote attackers to detect the browser's language via vectors involving an IFRAME element, because text in that language is included in the title attribute of a LINK element for a non-HTML page. This is related to a behavior of Firefox before 68.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| torproject | tor_browser | * |
In Tor before 0.3.3.12, 0.3.4.x before 0.3.4.11, 0.3.5.x before 0.3.5.8, and 0.4.x before 0.4.0.2-alpha, remote denial of service against Tor clients and relays can occur via memory exhaustion in the KIST cell scheduler.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-770,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| torproject | tor | 0.3.4.2 |
| torproject | tor | 0.3.5.5 |
| torproject | tor | 0.3.4.3 |
| torproject | tor | 0.3.5.3 |
| torproject | tor | 0.3.5.6 |
| torproject | tor | 0.3.5.7 |
| torproject | tor | 0.3.4.5 |
| torproject | tor | * |
| torproject | tor | 0.3.5.1 |
| torproject | tor | 0.3.5.2 |
| torproject | tor | 0.3.4.0 |
| torproject | tor | 0.3.4.1 |
| torproject | tor | 0.3.5.0 |
| torproject | tor | 0.3.4.4 |
| torproject | tor | 0.4.0.1 |
| torproject | tor | 0.3.4.6 |
| torproject | tor | 0.3.4.7 |
| torproject | tor | 0.3.5.4 |
Tor before 0.3.5.10, 0.4.x before 0.4.1.9, and 0.4.2.x before 0.4.2.7 allows remote attackers to cause a Denial of Service (CPU consumption), aka TROVE-2020-002.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| opensuse | backports | sle-15 |
| torproject | tor | * |
| opensuse | leap | 15.1 |
Tor before 0.3.5.10, 0.4.x before 0.4.1.9, and 0.4.2.x before 0.4.2.7 allows remote attackers to cause a Denial of Service (memory leak), aka TROVE-2020-004. This occurs in circpad_setup_machine_on_circ because a circuit-padding machine can be negotiated twice on the same circuit.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-401,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| opensuse | backports_sle | 15.0 |
| torproject | tor | * |
| opensuse | leap | 15.1 |
Tor before 0.4.3.6 has an out-of-bounds memory access that allows a remote denial-of-service (crash) attack against Tor instances built to use Mozilla Network Security Services (NSS), aka TROVE-2020-001.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| torproject | tor | * |
| torproject | tor | 0.4.4.0 |
| torproject | tor | 0.4.4.1 |
The daemon in Tor through 0.4.1.8 and 0.4.2.x through 0.4.2.6 does not verify that a rendezvous node is known before attempting to connect to it, which might make it easier for remote attackers to discover circuit information. NOTE: The network team of Tor claims this is an intended behavior and not a vulnerability
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 3.9 | 1.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| torproject | tor | * |
Tor before 0.4.5.7 allows a remote participant in the Tor directory protocol to exhaust CPU resources on a target, aka TROVE-2021-001.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-400,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fedoraproject | fedora | 33 |
| torproject | tor | 0.4.4.2 |
| torproject | tor | * |
| torproject | tor | 0.4.4.0 |
| torproject | tor | 0.4.4.1 |
| torproject | tor | 0.4.4.3 |
Tor before 0.4.5.7 allows a remote attacker to cause Tor directory authorities to exit with an assertion failure, aka TROVE-2021-002.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L | 3.9 | 1.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-617,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fedoraproject | fedora | 33 |
| torproject | tor | 0.4.4.2 |
| torproject | tor | * |
| torproject | tor | 0.4.4.0 |
| torproject | tor | 0.4.4.1 |
| torproject | tor | 0.4.4.3 |
An issue was discovered in Tor before 0.4.6.5, aka TROVE-2021-003. An attacker can forge RELAY_END or RELAY_RESOLVED to bypass the intended access control for ending a stream.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-290,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| torproject | tor | * |
An issue was discovered in Tor before 0.4.6.5, aka TROVE-2021-005. Hashing is mishandled for certain retrieval of circuit data. Consequently. an attacker can trigger the use of an attacker-chosen circuit ID to cause algorithm inefficiency.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-400,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| torproject | tor | * |
An issue was discovered in Tor before 0.4.6.5, aka TROVE-2021-006. The v3 onion service descriptor parsing allows out-of-bounds memory access, and a client crash, via a crafted onion service descriptor
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| torproject | tor | * |
Tor before 0.3.5.16, 0.4.5.10, and 0.4.6.7 mishandles the relationship between batch-signature verification and single-signature verification, leading to a remote assertion failure, aka TROVE-2021-007.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-617,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| torproject | tor | * |
Tor Browser through 10.5.6 and 11.x through 11.0a4 allows a correlation attack that can compromise the privacy of visits to v2 onion addresses. Exact timestamps of these onion-service visits are logged locally, and an attacker might be able to compare them to timestamp data collected by the destination server (or collected by a rogue site within the Tor network).
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.1 | MEDIUM | CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N | 0.9 | 5.2 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-532,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| torproject | tor_browser | * |
| torproject | tor_browser | 11.0 |
Tor Browser 9.0.7 on Windows 10 build 10586 is vulnerable to information disclosure. This could allow local attackers to bypass the intended anonymity feature and obtain information regarding the onion services visited by a local user. This can be accomplished by analyzing RAM memory even several hours after the local user used the product. This occurs because the product doesn't properly free memory.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 1.8 | 3.6 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-404,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| torproject | tor | 9.0.7 |
Tor 0.4.7.x before 0.4.7.8 allows a denial of service via the wedging of RTT estimation.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| torproject | tor | * |
The SafeSocks option in Tor before 0.4.7.13 has a logic error in which the unsafe SOCKS4 protocol can be used but not the safe SOCKS4a protocol, aka TROVE-2022-002.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 11.0 |
| debian | debian_linux | 10.0 |
| torproject | tor | * |
| fedoraproject | fedora | 36 |
| fedoraproject | fedora | 37 |