25 matches found
CVE-2021-28090
CVE-2021-28090 affects Tor up to version 0.4.5.7, where a bug in appending detached signatures to a pending consensus document could be exploited to crash a directory authority via an assertion failure (TROVE-2021-002). Open-source advisories and Nessus/Gentoo/OpenSUSE entries confirm this and re...
CVE-2017-16541
CVE-2017-16541 concerns Tor Browser before 7.0.9 for macOS/Linux, where crafted web content abusing Firefox file:// handling could reveal the client’s IP address, i.e., a partial anonymity bypass. Several connected advisories (e.g., CESA-2018:3403, DSA-4327-1) cite Mozilla Firefox/Thunderbird upd...
CVE-2021-34548
The CVE-2021-34548 entry pertains to Tor up to version 0.4.6.5 (TROVE-2021-003). Affected component: Tor relay/stream handling where an attacker can forge RELAY_END or RELAY_RESOLVED to bypass access control on half‑closed streams, potentially terminating streams or impacting availability. Impact...
CVE-2021-28089
CVE-2021-28089 affects Tor before 0.4.5.7, enabling a remote participant in the Tor directory protocol to exhaust CPU resources on a target (denial of service). Connected advisories trace the issue to a memory/CPU handling flaw (dump_desc() dumping unparseable data) and related directory‑consensu...
CVE-2020-10592
Tor is affected by CVE-2020-10592 (CPU consumption DoS) and CVE-2020-10593 (circuit padding memory leak) in versions before 0.3.5.10/0.4.x before 0.4.1.9/0.4.2.x before 0.4.2.7. Public advisories indicate upgrades to Tor 0.3.5.12 or later (e.g., 0.3.5.12, and later 0.3.5.x lines) address these is...
CVE-2021-34549
CVE-2021-34549 affects Tor prior to 0.4.6.5. The issue is a hashtable-based CPU denial-of-service attack against relays: an attacker can exploit a naive, unkeyed hash used to look up circuits in a circuitmux to construct circuits with chosen circuit IDs, causing collisions and degraded performanc...
CVE-2021-34550
Tor before 0.4.6.5 has a vulnerability in the v3 onion service descriptor parser that allows out-of-bounds memory access, causing client crashes. The issue is documented as CVE-2021-34550. Connected advisories indicate the vulnerability could lead to denial of service for relays/clients and that ...
CVE-2020-10593
CVE-2020-10593 affects Tor before 0.3.5.10, 0.4.x before 0.4.1.9, and 0.4.2.x before 0.4.2.7. Root cause: a circuit-padding machine can be negotiated twice on the same circuit (circpad_setup_machine_on_circ), causing a memory leak that leads to DoS. Exploitation details are not provided beyond th...
CVE-2021-38385
Tor vulnerable in versions before 0.3.5.16, 0.4.5.10, and 0.4.6.7 due to mishandling the relationship between batch-signature and single-signature verification, causing remote assertion failures (TROVE-2021-007). Connected advisories confirm the issue across multiple distributions and recommend u...
CVE-2019-8955
CVE-2019-8955 affects Tor before certain updates, where a memory exhaustion in the KIST cell scheduler could enable a remote denial-of-service. Affected lines include Tor versions up to 0.3.3.12, 0.3.4.x before 0.3.4.11, 0.3.5.x before 0.3.5.8, and 0.4.x before 0.4.0.2-alpha. Public docs (OpenSUS...
CVE-2020-15572
CVE-2020-15572 affects Tor prior to 0.4.3.6 and is caused by an out-of-bounds memory access when using NSS (TROVE-2020-001), allowing a remote denial-of-service (crash) target at affected Tor instances. Multiple advisories confirm the vulnerability and provide fixes in later Tor releases: 0.4.4.6...
CVE-2016-1254
Tor before 0.2.8.12 is affected by CVE-2016-1254. The vulnerability arises from parsing hidden service descriptors and can cause a denial-of-service client crash. Affected products are Tor releases prior to 0.2.8.12; exploitation details are not provided beyond the crash condition. Remediation is...
CVE-2017-0376
The CVE-2017-0376 vulnerability affects Tor prior to 0.3.0.8, caused by a flaw in the hidden-service code when receiving a BEGIN_DIR cell on a hidden service rendezvous circuit. This can trigger an assertion failure and daemon exit, resulting in denial of service. Upstream fixes are in Tor 0.3.0....
CVE-2015-2928
In CVE-2015-2928, the Hidden Service server in Tor is vulnerable to remote Denial of Service via unspecified vectors in older releases: Tor before 0.2.4.27, 0.2.5.x before 0.2.5.12, and 0.2.6.x before 0.2.6.7. The issue causes an assertion failure and daemon exit. Remediation is to upgrade to the...
CVE-2015-2929
CVE-2015-2929 affects the Hidden Service client in Tor before 0.2.4.27, 0.2.5.x before 0.2.5.12, and 0.2.6.x before 0.2.6.7. A malformed HS descriptor can cause a denial of service (assertion failure and application exit) on remote servers. Connected sources corroborate the remediation path: upgr...
CVE-2023-23589
CVE-2023-23589 concerns Tor’s SafeSocks option. A logic error lets unsafe SOCKS4 traffic pass while blocking the safe SOCKS4a path (TROVE-2022-002). Affected: Tor before 0.4.7.13 (various distributions reference this vulnerability in advisories and security updates). Impact stated in sources: exp...
CVE-2015-2688
CVE-2015-2688 affects Tor versions before 0.2.4.26 and 0.2.5.x before 0.2.5.11. The issue is a failure to handle unexpected arrival times of buffers with invalid layouts in buf_pullup, allowing remote attackers to trigger an assertion failure and daemon exit (denial of service). No exploitation d...
CVE-2015-2689
CVE-2015-2689 affects Tor releases prior to 0.2.4.26 and 0.2.5.x prior to 0.2.5.11, caused by improper handling of pending-connection resolve states during periods of high DNS load. This enables remote attackers to trigger a denial of service (assertion failure and daemon exit) via crafted packet...
CVE-2017-0375
The CVE-2017-0375 issue affects Tor’s hidden-service feature prior to 0.3.0.8, where a malformed BEGIN cell can trigger an assertion failure in relay_send_end_cell_from_edge_, causing a daemon crash (DoS). Affected software is Tor, with the root cause in the hidden service handling code. Remediat...
CVE-2026-44599
Technical details about CVE-2026-44599 (affected software, vulnerable component, impact, or remediation) are not publicly available in the provided documents. Monitor for updates.
CVE-2026-44600
CVE-2026-44600 affects Tor prior to 0.4.9.7, where the conflux out-of-order queue is not correctly accounted during queue clearing (TROVE-2026-010). The issue is described as a handling/queue accounting bug in the conflux component, with impact listed as low availability impact in at least one CV...
CVE-2026-44603
Summary (CVE-2026-44603) Tor before 0.4.9.7 contains an out-of-bounds read by one byte triggered by a malformed BEGIN cell (TROVE-2026-007). Red Hat describes it as a remote-a exploitable flaw that can cause a low-impact Denial of Service, potentially making the service unavailable to legitimate ...
CVE-2026-44597
CVE-2026-44597 affects Tor before 0.4.9.7. The issue is an out-of-bounds read when END, TRUNCATE, or a TRUNCATED cell lacks a reason in its payload (TROVE-2026-011). Impact as per sources includes high confidentiality and availability risks (CVSS). Exploitation details are not provided in the doc...
CVE-2026-44601
Tor could crash a client when facing circuit queue memory pressure due to a double close of a circuit (TROVE-2026-009). Affected software: Tor prior to version 0.4.9.7. Root cause: circuit handling under memory pressure allows a double close, causing a denial of service on affected clients. Impac...
CVE-2026-44602
Tor before 0.4.9.7 is affected by a NULL pointer dereference when a CERT cell is received out of order (TROVE-2026-006). This can lead to a denial of service, rendering the Tor service unavailable to legitimate users. The issue is triggered remotely via crafted CERT cells; sources in Red Hat and ...