Lucene search

[email protected]CVE-2009-0939

HistoryMar 18, 2009 - 2:00 a.m.

CVE-2009-0939

2009-03-1802:00:08

[email protected]

web.nvd.nist.gov

cve-2009-0939

tor

ipv4

spec conformance

security vulnerability

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

6.4 Medium

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

73.0%

JSON

Tor before 0.2.0.34 treats incomplete IPv4 addresses as valid, which has unknown impact and attack vectors related to “Spec conformance,” as demonstrated using 192.168.0.

Affected configurations

NVD

Node

tortorRange≤0.2.0.33

tortorMatch0.2.0.1alpha

tortorMatch0.2.0.2alpha

tortorMatch0.2.0.3alpha

tortorMatch0.2.0.4alpha

tortorMatch0.2.0.5alpha

tortorMatch0.2.0.6alpha

tortorMatch0.2.0.10alpha

tortorMatch0.2.0.11alpha

tortorMatch0.2.0.12alpha

tortorMatch0.2.0.13alpha

tortorMatch0.2.0.14alpha

tortorMatch0.2.0.15alpha

tortorMatch0.2.0.16alpha

tortorMatch0.2.0.17alpha

tortorMatch0.2.0.18alpha

tortorMatch0.2.0.19alpha

tortorMatch0.2.0.20alpha

tortorMatch0.2.0.21alpha

tortorMatch0.2.0.22alpha

tortorMatch0.2.0.23alpha

tortorMatch0.2.0.24alpha

tortorMatch0.2.0.25alpha

tortorMatch0.2.0.26alpha

tortorMatch0.2.0.27alpha

tortorMatch0.2.0.28alpha

tortorMatch0.2.0.29alpha

tortorMatch0.2.0.30alpha

tortorMatch0.2.0.31alpha

tortorMatch0.2.0.32alpha

CPENameOperatorVersion
tor:tortorle0.2.0.33
tor:tortoreq0.2.0.1
tor:tortoreq0.2.0.2
tor:tortoreq0.2.0.3
tor:tortoreq0.2.0.4
tor:tortoreq0.2.0.5
tor:tortoreq0.2.0.6
tor:tortoreq0.2.0.10
tor:tortoreq0.2.0.11
tor:tortoreq0.2.0.12

CPE	Name	Operator	Version
tor:tor	tor	le	0.2.0.33
tor:tor	tor	eq	0.2.0.1
tor:tor	tor	eq	0.2.0.2
tor:tor	tor	eq	0.2.0.3
tor:tor	tor	eq	0.2.0.4
tor:tor	tor	eq	0.2.0.5
tor:tor	tor	eq	0.2.0.6
tor:tor	tor	eq	0.2.0.10
tor:tor	tor	eq	0.2.0.11
tor:tor	tor	eq	0.2.0.12