Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5.8
CVSSv2

CVE-2014-5117

Published: 30/07/2014 Updated: 07/01/2017
CVSS v2 Base Score: 5.8 | Impact Score: 4.9 | Exploitability Score: 8.6
VMScore: 516
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N
Subscribe to Tor

Vulnerability Summary

Tor prior to 0.2.4.23 and 0.2.5 prior to 0.2.5.6-alpha maintains a circuit after an inbound RELAY_EARLY cell is received by a client, which makes it easier for remote malicious users to conduct traffic-confirmation attacks by using the pattern of RELAY and RELAY_EARLY cells as a means of communicating information about hidden service names.

Vulnerable Product Search on Vulmon Subscribe to Product

torproject tor 0.0.2

torproject tor 0.0.3

torproject tor 0.0.4

torproject tor 0.0.7.2

torproject tor 0.0.7.3

torproject tor 0.0.9.5

torproject tor 0.0.9.6

torproject tor 0.1.0.14

torproject tor 0.1.0.15

torproject tor 0.1.1.24

torproject tor 0.1.1.25

torproject tor 0.1.2.18

torproject tor 0.1.2.19

torproject tor 0.2.2.19

torproject tor 0.2.2.20

torproject tor 0.2.2.27

torproject tor 0.2.2.28

torproject tor 0.2.2.35

torproject tor 0.2.2.36

torproject tor 0.2.3.17

torproject tor 0.2.3.18

torproject tor 0.2.4.1

torproject tor 0.2.4.10

torproject tor 0.2.4.17

torproject tor 0.2.4.18

torproject tor 0.2.4.7

torproject tor 0.2.4.8

torproject tor 0.0.6.1

torproject tor 0.0.6.2

torproject tor 0.0.9.10

torproject tor 0.0.9.2

torproject tor 0.0.9.9

torproject tor 0.1.0.10

torproject tor 0.1.1.20

torproject tor 0.1.1.21

torproject tor 0.1.2.14

torproject tor 0.1.2.15

torproject tor 0.2.0.32

torproject tor 0.2.0.33

torproject tor 0.2.0.34

torproject tor 0.2.2.23

torproject tor 0.2.2.24

torproject tor 0.2.2.31

torproject tor 0.2.2.32

torproject tor 0.2.3

torproject tor 0.2.3.13

torproject tor 0.2.3.14

torproject tor 0.2.3.21

torproject tor 0.2.3.22

torproject tor 0.2.4.13

torproject tor 0.2.4.14

torproject tor 0.2.4.3

torproject tor 0.2.4.4

torproject tor 0.2.5.4

torproject tor 0.2.5.3

torproject tor 0.0.7

torproject tor 0.0.7.1

torproject tor 0.0.9.3

torproject tor 0.0.9.4

torproject tor 0.1.0.11

torproject tor 0.1.0.12

torproject tor 0.1.0.13

torproject tor 0.1.1.22

torproject tor 0.1.1.23

torproject tor 0.1.2.16

torproject tor 0.1.2.17

torproject tor 0.2.0.35

torproject tor 0.2.2.18

torproject tor 0.2.2.25

torproject tor 0.2.2.26

torproject tor 0.2.2.33

torproject tor 0.2.2.34

torproject tor 0.2.3.15

torproject tor 0.2.3.16

torproject tor 0.2.3.23

torproject tor 0.2.3.24

torproject tor 0.2.4.15

torproject tor 0.2.4.16

torproject tor 0.2.4.5

torproject tor 0.2.4.6

torproject tor 0.2.5.2

torproject tor

torproject tor 0.0.5

torproject tor 0.0.6

torproject tor 0.0.8.1

torproject tor 0.0.9.1

torproject tor 0.0.9.7

torproject tor 0.0.9.8

torproject tor 0.1.0.16

torproject tor 0.1.0.17

torproject tor 0.1.1.26

torproject tor 0.1.2.13

torproject tor 0.2.0.30

torproject tor 0.2.0.31

torproject tor 0.2.2.21

torproject tor 0.2.2.22

torproject tor 0.2.2.29

torproject tor 0.2.2.30

torproject tor 0.2.2.37

torproject tor 0.2.2.38

torproject tor 0.2.3.19

torproject tor 0.2.3.20

torproject tor 0.2.4.11

torproject tor 0.2.4.12

torproject tor 0.2.4.19

torproject tor 0.2.4.2

torproject tor 0.2.4.20

torproject tor 0.2.4.9

torproject tor 0.2.5.5

Vendor Advisories

Debian Security Advisories: DSA-2993-1 tor -- security update
Several issues have been discovered in Tor, a connection-based low-latency anonymous communication system, resulting in information leaks Relay-early cells could be used by colluding relays on the network to tag user circuits and so deploy traffic confirmation attacks [CVE-2014-5117] The updated version emits a warning and drops the ...

References

NVD-CWE-Otherhttps://lists.torproject.org/pipermail/tor-talk/2014-July/034180.htmlhttps://blog.torproject.org/blog/tor-security-advisory-relay-early-traffic-confirmation-attackhttps://lists.torproject.org/pipermail/tor-announce/2014-July/000094.htmlhttps://trac.torproject.org/projects/tor/ticket/1038https://lists.torproject.org/pipermail/tor-announce/2014-July/000093.htmlhttp://secunia.com/advisories/60647http://secunia.com/advisories/60084https://nvd.nist.govhttps://www.debian.org/security/./dsa-2993
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
race conditionCVE-2024-4249CVE-2024-4244CVE-2023-20198TCPCVE-2022-48648CVE-2022-48636CVE-2024-21345SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook