Advisory ROSA-SA-2023-2219

2023-08-22 09:57:32
ROSA LAB
abf.rosalinux.ru
Tags: advisory, medium severity, tor 0.4.6.10, rosa-chrome, vulnerability, resolved, safesocks, logic error, insecure, socks4, trove-2022-002, update, command

CVSS3: 6.5
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

EPSS: 0.002
Percentile: 58.7%

software: tor 0.4.6.10
OS: ROSA-CHROME

package_evr_string: tor-0.4.6.10-2.src.rpm

CVE-ID: CVE-2023-23589
BDU-ID: None
CVE-Crit: MEDIUM
CVE-DESC.: The SafeSocks option in Tor before version 0.4.7.13 has a logic error that allows the insecure SOCKS4 protocol to be used, but not the secure SOCKS4a protocol, aka TROVE-2022-002.

CVE-STATUS: Resolved
CVE-REV: To resolve, run the command: sudo dnf update tor

OS | Version | Architecture | Package | Version | Filename
ROSA | any | noarch | tor | < 0.4.6.10 | UNKNOWN
