Published: 03/12/2017 Updated: 21/12/2017

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 3.7 | Impact Score: 1.4 | Exploitability Score: 2.2

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

In Tor prior to 0.2.5.16, 0.2.6 up to and including 0.2.8 prior to 0.2.8.17, 0.2.9 prior to 0.2.9.14, 0.3.0 prior to 0.3.0.13, and 0.3.1 prior to 0.3.1.9, relays (that have incompletely downloaded descriptors) can pick themselves in a circuit path, leading to a degradation of anonymity, aka TROVE-2017-012.

Vulnerable Product	Search on Vulmon	Subscribe to Product
tor project tor
debian debian linux 9.0
debian debian linux 8.0

Multiple vulnerabilities have been found in Tor, a connection-based low-latency anonymous communication system For the oldstable distribution (jessie), these problems have been fixed in version 02516-1 For the stable distribution (stretch), these problems have been fixed in version 02914-1 We recommend that you upgrade your tor packages F ...

In Tor before 0319, relays (that have incompletely downloaded descriptors) can pick themselves in a circuit path, leading to a degradation of anonymity, aka TROVE-2017-012 ...

CWE-417 https://bugs.torproject.org/24333 https://bugs.torproject.org/21534 https://blog.torproject.org/new-stable-tor-releases-security-fixes-0319-03013-02914-02817-02516 https://www.debian.org/security/2017/dsa-4054 https://nvd.nist.gov https://www.debian.org/security/./dsa-4054

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2017-8822

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect