Published: 29/06/2021 Updated: 12/07/2022

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

An issue exists in Tor prior to 0.4.6.5, aka TROVE-2021-005. Hashing is mishandled for certain retrieval of circuit data. Consequently. an attacker can trigger the use of an attacker-chosen circuit ID to cause algorithm inefficiency.

Vulnerable Product	Search on Vulmon	Subscribe to Product
torproject tor

Debian Bug report logs - #990000 tor: CVE-2021-34548 CVE-2021-34549 CVE-2021-34550 Package: src:tor; Maintainer for src:tor is Peter Palfrader <weasel@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 17 Jun 2021 13:57:02 UTC Severity: important Tags: security, upstream Found in version t ...

Multiple security vulnerabilities were discovered in Tor, a connection-based low-latency anonymous communication system, which could result in denial of service or spoofing For the stable distribution (buster), these problems have been fixed in version 03515-1 We recommend that you upgrade your tor packages For the detailed security status of ...

A security issue has been found in Tor before version 0459 that could be exploited for a hashtable-based CPU denial-of-service attack against relays Previously a naive unkeyed hash function to look up circuits in a circuitmux object was used An attacker could exploit this to construct circuits with chosen circuit IDs, to create collisions and ...

CWE-400 https://gitlab.torproject.org/tpo/core/tor/-/issues/40391 https://blog.torproject.org/node/2041 https://security.gentoo.org/glsa/202107-25 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990000 https://nvd.nist.gov https://www.debian.org/security/2021/dsa-4932

CVE-2021-34549

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect