A security issue has been found in Tor before version 0.4.5.9. Relays could spoof RELAY_END or RELAY_RESOLVED cell on half-closed streams because clients failed to validate which hop sent these cells. This would allow a relay on a circuit to end a stream that wasn't actually built with it.
A security issue has been found in Tor before version 0.4.5.9. Relays could spoof RELAY_END or RELAY_RESOLVED cell on half-closed streams because clients failed to validate which hop sent these cells. This would allow a relay on a circuit to end a stream that wasn't actually built with it.
https://blog.torproject.org/node/2041 https://gitlab.torproject.org/tpo/core/tor/-/issues/40389 https://gitlab.torproject.org/tpo/core/tor/-/commit/adb248b6d6e0779719e6b873ee12a1e22fa390f4