Product:

Tor

(Torproject)
Repositories https://github.com/torproject/tor
#Vulnerabilities 35
Date Id Summary Products Score Patch Annotated
2023-01-14 CVE-2023-23589 The SafeSocks option in Tor before 0.4.7.13 has a logic error in which the unsafe SOCKS4 protocol can be used but not the safe SOCKS4a protocol, aka TROVE-2022-002. Debian_linux, Fedora, Tor 6.5
2014-02-03 CVE-2012-2249 Tor before 0.2.3.23-rc allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a renegotiation attempt that occurs after the initiation of the V3 link protocol. Tor N/A
2014-02-03 CVE-2012-2250 Tor before 0.2.3.24-rc allows remote attackers to cause a denial of service (assertion failure and daemon exit) by performing link protocol negotiation incorrectly. Tor N/A
2017-12-05 CVE-2016-1254 Tor before 0.2.8.12 might allow remote attackers to cause a denial of service (client crash) via a crafted hidden service descriptor. Debian_linux, Fedora, Leap, Opensuse, Leap, Tor 7.5
2020-03-23 CVE-2020-10593 Tor before 0.3.5.10, 0.4.x before 0.4.1.9, and 0.4.2.x before 0.4.2.7 allows remote attackers to cause a Denial of Service (memory leak), aka TROVE-2020-004. This occurs in circpad_setup_machine_on_circ because a circuit-padding machine can be negotiated twice on the same circuit. Backports_sle, Leap, Tor 7.5
2017-11-04 CVE-2017-16541 Tor Browser before 7.0.9 on macOS and Linux allows remote attackers to bypass the intended anonymity feature and discover a client IP address via vectors involving a crafted web site that leverages file:// mishandling in Firefox, aka TorMoil. NOTE: Tails is unaffected. Debian_linux, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Tor 6.5
2020-03-23 CVE-2020-10592 Tor before 0.3.5.10, 0.4.x before 0.4.1.9, and 0.4.2.x before 0.4.2.7 allows remote attackers to cause a Denial of Service (CPU consumption), aka TROVE-2020-002. Backports, Leap, Tor 7.5
2020-01-24 CVE-2015-2929 The Hidden Service (HS) client implementation in Tor before 0.2.4.27, 0.2.5.x before 0.2.5.12, and 0.2.6.x before 0.2.6.7 allows remote servers to cause a denial of service (assertion failure and application exit) via a malformed HS descriptor. Tor N/A
2020-01-24 CVE-2015-2928 The Hidden Service (HS) server implementation in Tor before 0.2.4.27, 0.2.5.x before 0.2.5.12, and 0.2.6.x before 0.2.6.7 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors. Tor N/A
2020-01-24 CVE-2015-2689 Tor before 0.2.4.26 and 0.2.5.x before 0.2.5.11 does not properly handle pending-connection resolve states during periods of high DNS load, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via crafted packets. Tor N/A