41 matches found
CVE-2016-9079
CVE-2016-9079 is a use-after-free vulnerability in Mozilla Firefox/Thunderbird SVG Animation. Affected: Firefox < 50.0.2, Firefox ESR < 45.5.1, Thunderbird
CVE-2021-28090
CVE-2021-28090 affects Tor up to version 0.4.5.7, where a bug in appending detached signatures to a pending consensus document could be exploited to crash a directory authority via an assertion failure (TROVE-2021-002). Open-source advisories and Nessus/Gentoo/OpenSUSE entries confirm this and re...
CVE-2017-16541
CVE-2017-16541 concerns Tor Browser before 7.0.9 for macOS/Linux, where crafted web content abusing Firefox file:// handling could reveal the client’s IP address, i.e., a partial anonymity bypass. Several connected advisories (e.g., CESA-2018:3403, DSA-4327-1) cite Mozilla Firefox/Thunderbird upd...
CVE-2021-34548
The CVE-2021-34548 entry pertains to Tor up to version 0.4.6.5 (TROVE-2021-003). Affected component: Tor relay/stream handling where an attacker can forge RELAY_END or RELAY_RESOLVED to bypass access control on half‑closed streams, potentially terminating streams or impacting availability. Impact...
CVE-2021-28089
CVE-2021-28089 affects Tor before 0.4.5.7, enabling a remote participant in the Tor directory protocol to exhaust CPU resources on a target (denial of service). Connected advisories trace the issue to a memory/CPU handling flaw (dump_desc() dumping unparseable data) and related directory‑consensu...
CVE-2020-10592
Tor is affected by CVE-2020-10592 (CPU consumption DoS) and CVE-2020-10593 (circuit padding memory leak) in versions before 0.3.5.10/0.4.x before 0.4.1.9/0.4.2.x before 0.4.2.7. Public advisories indicate upgrades to Tor 0.3.5.12 or later (e.g., 0.3.5.12, and later 0.3.5.x lines) address these is...
CVE-2021-34549
CVE-2021-34549 affects Tor prior to 0.4.6.5. The issue is a hashtable-based CPU denial-of-service attack against relays: an attacker can exploit a naive, unkeyed hash used to look up circuits in a circuitmux to construct circuits with chosen circuit IDs, causing collisions and degraded performanc...
CVE-2021-34550
Tor before 0.4.6.5 has a vulnerability in the v3 onion service descriptor parser that allows out-of-bounds memory access, causing client crashes. The issue is documented as CVE-2021-34550. Connected advisories indicate the vulnerability could lead to denial of service for relays/clients and that ...
CVE-2020-10593
CVE-2020-10593 affects Tor before 0.3.5.10, 0.4.x before 0.4.1.9, and 0.4.2.x before 0.4.2.7. Root cause: a circuit-padding machine can be negotiated twice on the same circuit (circpad_setup_machine_on_circ), causing a memory leak that leads to DoS. Exploitation details are not provided beyond th...
CVE-2021-38385
Tor vulnerable in versions before 0.3.5.16, 0.4.5.10, and 0.4.6.7 due to mishandling the relationship between batch-signature and single-signature verification, causing remote assertion failures (TROVE-2021-007). Connected advisories confirm the issue across multiple distributions and recommend u...
CVE-2019-8955
CVE-2019-8955 affects Tor before certain updates, where a memory exhaustion in the KIST cell scheduler could enable a remote denial-of-service. Affected lines include Tor versions up to 0.3.3.12, 0.3.4.x before 0.3.4.11, 0.3.5.x before 0.3.5.8, and 0.4.x before 0.4.0.2-alpha. Public docs (OpenSUS...
CVE-2020-15572
CVE-2020-15572 affects Tor prior to 0.4.3.6 and is caused by an out-of-bounds memory access when using NSS (TROVE-2020-001), allowing a remote denial-of-service (crash) target at affected Tor instances. Multiple advisories confirm the vulnerability and provide fixes in later Tor releases: 0.4.4.6...
CVE-2022-33903
CVE-2022-33903 affects Tor 0.4.7.x before 0.4.7.8; a denial-of-service can result from wedging RTT estimation. Public details across connected sources confirm the vulnerable range and the fixed version (0.4.7.8). Mitigation is upgrading to Tor 0.4.7.8 or applying vendor advisories (e.g., OpenSUSE...
CVE-2020-8516
Affected software / component: Tor daemon up to 0.4.1.8 and 0.4.2.x through 0.4.2.6. Root cause: The daemon does not verify that a rendezvous node is known before attempting to connect to it. Impact (as stated): may allow remote attackers to discover circuit information. Contested note: Tor netwo...
CVE-2018-0491
Tor 0.3.2.x before 0.3.2.10 contains a use-after-free vulnerability (CVE-2018-0491) in the KIST channel handling, where a channel can be added more than once in the pending list. This allows remote attackers to trigger a denial-of-service (relay crash). Upgrade to Tor 0.3.2.10 or later to remedia...
CVE-2018-0490
Affected software: Tor before 0.2.9.15, 0.3.1.x before 0.3.1.10, and 0.3.2.x before 0.3.2.10.** What’s vulnerable: The directory-authority protocol-list subprotocol handling mishandles a misformatted relay descriptor during voting, enabling a remote attacker to trigger a NULL pointer dereference ...
CVE-2016-1254
Tor before 0.2.8.12 is affected by CVE-2016-1254. The vulnerability arises from parsing hidden service descriptors and can cause a denial-of-service client crash. Affected products are Tor releases prior to 0.2.8.12; exploitation details are not provided beyond the crash condition. Remediation is...
CVE-2021-46702
Tor Browser 9.0.7 on Windows 10 build 10586 is reported vulnerable to information disclosure through memory not being properly freed, enabling local attackers to infer visited onion services by analyzing RAM hours after use. The root cause is described as improper memory release. Impact is inform...
CVE-2017-0376
The CVE-2017-0376 vulnerability affects Tor prior to 0.3.0.8, caused by a flaw in the hidden-service code when receiving a BEGIN_DIR cell on a hidden service rendezvous circuit. This can trigger an assertion failure and daemon exit, resulting in denial of service. Upstream fixes are in Tor 0.3.0....
CVE-2017-0380
CVE-2017-0380 affects Tor releases up to 0.3.1.x before 0.3.1.7, and older 0.2.9.x before 0.2.9.12, with SafeLogging disabled. The vulnerability arises in rend_service_intro_established in or/rendservice.c where an error message about constructing an introduction point circuit may leak uninitiali...
CVE-2015-2928
In CVE-2015-2928, the Hidden Service server in Tor is vulnerable to remote Denial of Service via unspecified vectors in older releases: Tor before 0.2.4.27, 0.2.5.x before 0.2.5.12, and 0.2.6.x before 0.2.6.7. The issue causes an assertion failure and daemon exit. Remediation is to upgrade to the...
CVE-2014-5117
CVE-2014-5117 affects Tor: in Tor 0.2.4.23 and 0.2.5 before 0.2.5.6-alpha, a client can be left with a circuit after an inbound RELAY_EARLY cell, enabling traffic-confirmation via RELAY/RELAY_EARLY patterns. Public advisories across multiple distros (Fedora/OpenSUSE/Mandriva) reference this vulne...
CVE-2015-2929
CVE-2015-2929 affects the Hidden Service client in Tor before 0.2.4.27, 0.2.5.x before 0.2.5.12, and 0.2.6.x before 0.2.6.7. A malformed HS descriptor can cause a denial of service (assertion failure and application exit) on remote servers. Connected sources corroborate the remediation path: upgr...
CVE-2023-23589
CVE-2023-23589 concerns Tor’s SafeSocks option. A logic error lets unsafe SOCKS4 traffic pass while blocking the safe SOCKS4a path (TROVE-2022-002). Affected: Tor before 0.4.7.13 (various distributions reference this vulnerability in advisories and security updates). Impact stated in sources: exp...
CVE-2015-2688
CVE-2015-2688 affects Tor versions before 0.2.4.26 and 0.2.5.x before 0.2.5.11. The issue is a failure to handle unexpected arrival times of buffers with invalid layouts in buf_pullup, allowing remote attackers to trigger an assertion failure and daemon exit (denial of service). No exploitation d...
CVE-2015-2689
CVE-2015-2689 affects Tor releases prior to 0.2.4.26 and 0.2.5.x prior to 0.2.5.11, caused by improper handling of pending-connection resolve states during periods of high DNS load. This enables remote attackers to trigger a denial of service (assertion failure and daemon exit) via crafted packet...
CVE-2016-8860
Tor 0.2.8.9 and 0.2.9.x prior to 0.2.9.4-alpha are affected by a buffer termination bug in or/buffers.c where NUL termination on buf_t data is not guaranteed, enabling remote DoS via crafted data on client, hidden service, relay, or authority. Affected component: Tor core networking stack (Tor). ...
CVE-2012-5573
The CVE-2012-5573 issue affects Tor before 0.2.3.25, where SENDME cell handling could trigger memory exhaustion or excessive cell reception, enabling DoS or flow-control bypass. Affected component: core Tor relay/OR handling. Impact per sources: potential Denial of Service on entry nodes. Remedia...
CVE-2012-4419
CVE-2012-4419 affects Tor up to 0.2.2.39 and 0.2.3.x up to 0.2.3.21-rc. The vulnerability lies in compare_tor_addr_to_addr_policy (or/policies.c): a zero-valued port during policy comparison can trigger an assertion and cause the daemon to exit. Mitigation: upgrade to patched Tor versions (e.g., ...
CVE-2012-4922
Vulnerability summary (CVE-2012-4922) : In Tor, the tor_timegm function in common/util.c did not properly validate time values for a malformed directory object, allowing a remote attacker to trigger an assertion failure and daemon exit (DoS). This affects Tor versions before 0.2.2.39 and 0.2.3.x ...
CVE-2017-0375
The CVE-2017-0375 issue affects Tor’s hidden-service feature prior to 0.3.0.8, where a malformed BEGIN cell can trigger an assertion failure in relay_send_end_cell_from_edge_, causing a daemon crash (DoS). Affected software is Tor, with the root cause in the hidden service handling code. Remediat...
CVE-2013-7295
Tor before 0.2.4.20, when OpenSSL 1.x is used with a specific HardwareAccel setting on Intel Sandy Bridge/Ivy Bridge, may fail to generate random numbers for relay and hidden-service identity keys, potentially bypassing cryptographic protections. Impact is partial confidentiality/integrity risk; ...
CVE-2012-2249
The CVE-2012-2249 entry concerns Tor prior to 0.2.3.23-rc, where a denial-of-service is triggered by a renegotiation attempt after the V3 link protocol is initiated. The underlying effect is an assertion failure that causes the daemon to exit. Public references consistently state the vulnerabilit...
CVE-2017-0377
CVE-2017-0377 affects Tor 0.3.x before 0.3.0.9. The guard-selection algorithm incorrectly considers only the exit relay (not the exit relay’s family), which can allow an attacker to compromise anonymity by exploiting large family structures. The mitigation is upgrading to upstream version 0.3.0.9...
CVE-2012-2250
CVE-2012-2250 affects Tor before 0.2.3.24-rc. The issue allows remote attackers to cause a denial of service via incorrect link protocol negotiation, resulting in an assertion failure and daemon exit. Several connected sources indicate that upstream fixes were released (e.g., a new upstream tor v...
CVE-2026-44600
CVE-2026-44600 affects Tor prior to 0.4.9.7, where the conflux out-of-order queue is not correctly accounted during queue clearing (TROVE-2026-010). The issue is described as a handling/queue accounting bug in the conflux component, with impact listed as low availability impact in at least one CV...
CVE-2026-44599
Technical details about CVE-2026-44599 (affected software, vulnerable component, impact, or remediation) are not publicly available in the provided documents. Monitor for updates.
CVE-2026-44603
Summary (CVE-2026-44603) Tor before 0.4.9.7 contains an out-of-bounds read by one byte triggered by a malformed BEGIN cell (TROVE-2026-007). Red Hat describes it as a remote-a exploitable flaw that can cause a low-impact Denial of Service, potentially making the service unavailable to legitimate ...
CVE-2026-44601
Tor could crash a client when facing circuit queue memory pressure due to a double close of a circuit (TROVE-2026-009). Affected software: Tor prior to version 0.4.9.7. Root cause: circuit handling under memory pressure allows a double close, causing a denial of service on affected clients. Impac...
CVE-2026-44597
CVE-2026-44597 affects Tor before 0.4.9.7. The issue is an out-of-bounds read when END, TRUNCATE, or a TRUNCATED cell lacks a reason in its payload (TROVE-2026-011). Impact as per sources includes high confidentiality and availability risks (CVSS). Exploitation details are not provided in the doc...
CVE-2026-44602
Tor before 0.4.9.7 is affected by a NULL pointer dereference when a CERT cell is received out of order (TROVE-2026-006). This can lead to a denial of service, rendering the Tor service unavailable to legitimate users. The issue is triggered remotely via crafted CERT cells; sources in Red Hat and ...