Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Tor
(Torproject)| Repositories | https://github.com/torproject/tor |
| #Vulnerabilities | 35 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2020-02-02 | CVE-2020-8516 | The daemon in Tor through 0.4.1.8 and 0.4.2.x through 0.4.2.6 does not verify that a rendezvous node is known before attempting to connect to it, which might make it easier for remote attackers to discover circuit information. NOTE: The network team of Tor claims this is an intended behavior and not a vulnerability | Tor | 5.3 | ||
| 2014-02-03 | CVE-2012-2249 | Tor before 0.2.3.23-rc allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a renegotiation attempt that occurs after the initiation of the V3 link protocol. | Tor | N/A | ||
| 2014-02-03 | CVE-2012-2250 | Tor before 0.2.3.24-rc allows remote attackers to cause a denial of service (assertion failure and daemon exit) by performing link protocol negotiation incorrectly. | Tor | N/A | ||
| 2017-12-05 | CVE-2016-1254 | Tor before 0.2.8.12 might allow remote attackers to cause a denial of service (client crash) via a crafted hidden service descriptor. | Debian_linux, Fedora, Leap, Opensuse, Leap, Tor | 7.5 | ||
| 2021-03-19 | CVE-2021-28089 | Tor before 0.4.5.7 allows a remote participant in the Tor directory protocol to exhaust CPU resources on a target, aka TROVE-2021-001. | Fedora, Tor | 7.5 | ||
| 2021-03-19 | CVE-2021-28090 | Tor before 0.4.5.7 allows a remote attacker to cause Tor directory authorities to exit with an assertion failure, aka TROVE-2021-002. | Fedora, Tor | 5.3 | ||
| 2023-01-14 | CVE-2023-23589 | The SafeSocks option in Tor before 0.4.7.13 has a logic error in which the unsafe SOCKS4 protocol can be used but not the safe SOCKS4a protocol, aka TROVE-2022-002. | Debian_linux, Fedora, Tor | 6.5 | ||
| 2021-06-29 | CVE-2021-34548 | An issue was discovered in Tor before 0.4.6.5, aka TROVE-2021-003. An attacker can forge RELAY_END or RELAY_RESOLVED to bypass the intended access control for ending a stream. | Tor | 7.5 | ||
| 2021-08-30 | CVE-2021-38385 | Tor before 0.3.5.16, 0.4.5.10, and 0.4.6.7 mishandles the relationship between batch-signature verification and single-signature verification, leading to a remote assertion failure, aka TROVE-2021-007. | Tor | 7.5 | ||
| 2022-07-17 | CVE-2022-33903 | Tor 0.4.7.x before 0.4.7.8 allows a denial of service via the wedging of RTT estimation. | Tor | 7.5 |