4 matches found
CVE-2017-8822
In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, relays that have incompletely downloaded descriptors can pick themselves in a circuit path, leading to a degradation of anonymity, aka TROVE-2017-012...
Path traversal
In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, relays that have incompletely downloaded descriptors can pick themselves in a circuit path, leading to a degradation of anonymity, aka TROVE-2017-012...
CVE-2017-8822
In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, relays that have incompletely downloaded descriptors can pick themselves in a circuit path, leading to a degradation of anonymity, aka TROVE-2017-012...
CVE-2017-8822
CVE-2017-8822 affects Tor relays with incompletely downloaded descriptors, enabling them to pick themselves in a circuit path and cause a degradation of anonymity. Descriptions across connected advisories confirm the issue and upstream fix is to upgrade to Tor 0.3.1.9 (or newer). Upstream notes a...