27 matches found
EUVD-2017-17762
Malware in sbrugna...
RUSTSEC-2024-0340 Tor path lengths too short when "full Vanguards" configured
Description When building anonymizing circuits to or from an onion service with full vanguards enabled, the circuit manager code would build the circuits with one hop too few. Impact This makes users of this code more vulnerable to some kinds of traffic analysis when they run or visit onion...
RUSTSEC-2024-0339 Tor path lengths too short when "Vanguards lite" configured
Description When building anonymizing circuits to or from an onion service with 'lite' vanguards the default enabled, the circuit manager code would build the circuits with one hop too few. Impact This makes users of this code more vulnerable to some kinds of traffic analysis when they run or vis...
Tor path lengths too short when "full Vanguards" configured
Description When building anonymizing circuits to or from an onion service with full vanguards enabled, the circuit manager code would build the circuits with one hop too few. Impact This makes users of this code more vulnerable to some kinds of traffic analysis when they run or visit onion...
Tor path lengths too short when "Vanguards lite" configured
Description When building anonymizing circuits to or from an onion service with 'lite' vanguards the default enabled, the circuit manager code would build the circuits with one hop too few. Impact This makes users of this code more vulnerable to some kinds of traffic analysis when they run or vis...
PT-2024-26429 · Tor · Tor Arti +1
Name of the Vulnerable Software and Affected Versions: Tor Arti versions prior to 1.2.3 Description: The issue arises when building anonymizing circuits to or from an onion service with 'lite' or 'full' vanguards enabled, where the circuit manager code builds the circuits with one hop too few. Th...
SUSE CVE-2017-8819
In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, the replay-cache protection mechanism is ineffective for v2 onion services, aka TROVE-2017-009. An attacker can send many INTRODUCE2 cells to trigger this issue...
Twitter makes the leap to Tor
Tor is getting another visibility boost for people who may not otherwise come into contact with it. The reason: an attempt to navigate increasing amounts of censorship. What is Tor? The Tor network is something designed to keep communications anonymous. A variety of tools exist to make use of it,...
CVE-2021-46702
Tor Browser 9.0.7 on Windows 10 build 10586 is vulnerable to information disclosure. This could allow local attackers to bypass the intended anonymity feature and obtain information regarding the onion services visited by a local user. This can be accomplished by analyzing RAM memory even several...
CVE-2021-46702
Tor Browser 9.0.7 on Windows 10 build 10586 is vulnerable to information disclosure. This could allow local attackers to bypass the intended anonymity feature and obtain information regarding the onion services visited by a local user. This can be accomplished by analyzing RAM memory even several...
CVE-2021-46702
Tor Browser 9.0.7 on Windows 10 build 10586 is vulnerable to information disclosure. This could allow local attackers to bypass the intended anonymity feature and obtain information regarding the onion services visited by a local user. This can be accomplished by analyzing RAM memory even several...
Information disclosure
Tor Browser 9.0.7 on Windows 10 build 10586 is vulnerable to information disclosure. This could allow local attackers to bypass the intended anonymity feature and obtain information regarding the onion services visited by a local user. This can be accomplished by analyzing RAM memory even several...
Onionservice - Manage Your Onion Services Via CLI Or TUI On Unix-like Operating System With A POSIX Compliant Shell
Feature-rich Onion Service manager for UNIX-like operating systems written in POSIX conformant shellscript A collection of Onion Services features implemented for Unix-like systems following the Portable Operating System Interface standard. WARNING:do not trust this repo yet, backup your hs keys ...
OPENSUSE-SU-2021:1524-1 Security update for tor
This update for tor fixes the following issues: tor 0.4.6.8: Improving reporting of general overload state for DNS timeout errors by relays Regenerate fallback directories for October 2021 Bug fixes for onion services CVE-2021-22929: do not log v2 onion services access attempt warnings on disk...
OPENSUSE-SU-2021:1513-1 Security update for tor
This update for tor fixes the following issues: tor 0.4.6.8: Improving reporting of general overload state for DNS timeout errors by relays Regenerate fallback directories for October 2021 Bug fixes for onion services CVE-2021-22929: do not log v2 onion services access attempt warnings on disk...
Security update for tor (moderate)
openSUSE Security Update: Security update for tor Announcement ID: openSUSE-SU-2021:1513-1 Rating: moderate References: 1192658 Cross-References: CVE-2021-22929 Affected Products: openSUSE Leap 15.2 openSUSE Backports SLE-15-SP3 An update that fixes one vulnerability is now available. Description...
OPENSUSE-SU-2021:1192-1 Security update for tor
This update for tor fixes the following issues: tor 0.4.6.7: Fix a DoS via a remotely triggerable assertion failure boo1189489, TROVE-2021-007, CVE-2021-38385 tor 0.4.6.6: Enable the deterministic RNG for unit tests that covers the address set bloomfilter-based API's tor 0.4.6.5 Add controller...
OPENSUSE-SU-2021:1178-1 Security update for tor
This update for tor fixes the following issues: tor 0.4.6.7: Fix a DoS via a remotely triggerable assertion failure boo1189489, TROVE-2021-007, CVE-2021-38385 tor 0.4.6.6: Fix a compilation error with gcc 7, drop tor-0.4.6.5-gcc7.patch Enable the deterministic RNG for unit tests that covers the...
Updated tor packages fix security vulnerability
When checking for replays in the INTRODUCE1 cell data for a legacy onion service, Tor didn't correctly detect replays in the RSA- encrypted part of the cell. It was previously checking for replays on the entire cell, but those can be circumvented due to the malleability of Tor's legacy hybrid...
DEBIAN-CVE-2017-8819
In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, the replay-cache protection mechanism is ineffective for v2 onion services, aka TROVE-2017-009. An attacker can send many INTRODUCE2 cells to trigger this issue...