42 matches found
CVE-2026-44602
Tor before 0.4.9.7 has a NULL pointer dereference when a CERT cell is received out of order, aka TROVE-2026-006...
EUVD-2009-2420
Malware in sbrugna...
PT-2023-35503 · Tor · Tor
Name of the Vulnerable Software and Affected Versions: tor versions 0.4.7.12 through 0.4.7.13 Description: The issue concerns a fix for the SafeSocks option to avoid DNS leaks. Additionally, there are improvements to congestion control and a fix for relay channel handling. New metrics are also...
PT-2023-19061 · Tor +1 · Tor +1
Name of the Vulnerable Software and Affected Versions: Tor versions prior to 0.4.7.13 Description: The issue is related to a logic error in the SafeSocks option, where the unsafe SOCKS4 protocol can be used but not the safe SOCKS4a protocol. Recommendations: For versions prior to 0.4.7.13, update...
OPENSUSE-SU-2022:10023-1 Security update for tor
This update for tor fixes the following issues: tor was updated to 0.4.7.8: Fix a scenario where RTT estimation can become wedged, seriously degrading congestion control performance on all circuits. This impacts clients, onion services, and relays, and can be triggered remotely by a malicious...
OPENSUSE-SU-2021:1513-1 Security update for tor
This update for tor fixes the following issues: tor 0.4.6.8: Improving reporting of general overload state for DNS timeout errors by relays Regenerate fallback directories for October 2021 Bug fixes for onion services CVE-2021-22929: do not log v2 onion services access attempt warnings on disk...
OPENSUSE-SU-2021:1192-1 Security update for tor
This update for tor fixes the following issues: tor 0.4.6.7: Fix a DoS via a remotely triggerable assertion failure boo1189489, TROVE-2021-007, CVE-2021-38385 tor 0.4.6.6: Enable the deterministic RNG for unit tests that covers the address set bloomfilter-based API's tor 0.4.6.5 Add controller...
Spoofable Relay
tor:sid is vulnerable to spoofable relays. Relays could spoof RELAY_END or RELAY_RESOLVED cells on half-closed streams because clients failed to validate which hop sent these cells. This would allow a relay on a circuit to end a stream that wasn't actually built with it...
PT-2021-4125 · Tor +4 · Tor +4
Name of the Vulnerable Software and Affected Versions: Tor versions prior to 0.4.6.5 Description: The issue is related to errors in authorization, allowing a remote attacker to cause a denial of service. An attacker can forge RELAY END or RELAY RESOLVED to bypass the intended access control for...
OPENSUSE-SU-2021:0474-1 Security update for tor
This update for tor fixes the following issues: tor was updated to 0.4.5.7 https://lists.torproject.org/pipermail/tor-announce/2021-March/000216.html Fix 2 denial of service security issues boo1183726 + Disable the dumpdesc function that we used to dump unparseable information to disk...
CVE-2021-28089
Tor before 0.4.5.7 allows a remote participant in the Tor directory protocol to exhaust CPU resources on a target, aka TROVE-2021-001...
OPENSUSE-SU-2020:0428-1 Security update for tor
This update for tor to version 0.3.5.10 fixes the following issues: - tor was updated to version 0.3.5.10: - CVE-2020-10592: Fixed a CPU consumption denial of service and timing patterns boo1167013 - CVE-2020-10593: Fixed a circuit padding memory leak boo1167014 This update was imported from the...
DEBIAN-CVE-2020-10592
Tor before 0.3.5.10, 0.4.x before 0.4.1.9, and 0.4.2.x before 0.4.2.7 allows remote attackers to cause a Denial of Service (CPU consumption), aka TROVE-2020-002...
CVE-2015-2688
buf_pullup in Tor before 0.2.4.26 and 0.2.5.x before 0.2.5.11 does not properly handle unexpected arrival times of buffers with invalid layouts, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via crafted packets...
CVE-2015-2928
The Hidden Service (HS) server implementation in Tor before 0.2.4.27, 0.2.5.x before 0.2.5.12, and 0.2.6.x before 0.2.6.7 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors...
OPENSUSE-SU-2019:1107-1 Security update for tor
This update for tor to version 0.3.4.11 fixes the following issues: Security issue fixed: - CVE-2019-8955: Fixed a vulnerability in the KIST cell scheduler which could lead to memory exhaustion and finally Denial-of-Service bsc1126340...
CVE-2018-0490
An issue was discovered in Tor before 0.2.9.15, 0.3.1.x before 0.3.1.10, and 0.3.2.x before 0.3.2.10. The directory-authority protocol-list subprotocol implementation allows remote attackers to cause a denial of service (NULL pointer dereference and directory-authority crash) via a misformatted rel...
CVE-2017-8819
In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, the replay-cache protection mechanism is ineffective for v2 onion services, aka TROVE-2017-009. An attacker can send many INTRODUCE2 cells to trigger this issue...
Tor Browser 3.6.4 and 4.0-alpha-1 are released
The Tor software protects you by bouncing your communications around a distributed network of relays run by volunteers all around the world: it prevents somebody watching your Internet connection from learning what sites you visit, it prevents the sites you visit from learning your physical...
tor user deanonymizing
User deanonymization via Relay-early cells...