CVE-2021-39246

2021-09-2419:15:07

Google

osv.dev

6.6 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

50.1%

JSON

Tor Browser through 10.5.6 and 11.x through 11.0a4 allows a correlation attack that can compromise the privacy of visits to v2 onion addresses. Exact timestamps of these onion-service visits are logged locally, and an attacker might be able to compare them to timestamp data collected by the destination server (or collected by a rogue site within the Tor network).

CPENameOperatorVersion
toreqdebian-version-0.1.0.16-1
toreqtor-0.4.1.2-alpha
toreqtor-0.0.9.5
toreqtor-0.2.7.6
toreqdebian-version-0.0.1+0.0.2pre26-1
toreqtor-0.0.9.9
toreqtor-0.2.1.9-alpha
toreqdebian-version-0.0.3-1
toreqdebian-version-0.0.6.2-1
toreqtor-0.0.8pre1

Name	Operator	Version
tor	eq	debian-version-0.1.0.16-1
tor	eq	tor-0.4.1.2-alpha
tor	eq	tor-0.0.9.5
tor	eq	tor-0.2.7.6
tor	eq	debian-version-0.0.1+0.0.2pre26-1
tor	eq	tor-0.0.9.9
tor	eq	tor-0.2.1.9-alpha
tor	eq	debian-version-0.0.3-1
tor	eq	debian-version-0.0.6.2-1
tor	eq	tor-0.0.8pre1