Tor Security Vulnerabilities and Issues — Tor CVE List

Lucene search

TorprojectTor

6 matches found

CVE•added 2021/03/19 5:15 a.m.•193 views

CVE-2021-28090

Tor before 0.4.5.7 allows a remote attacker to cause Tor directory authorities to exit with an assertion failure, aka TROVE-2021-002.

5.3CVSS5.9AI score0.02687EPSS

CVE•added 2021/03/19 5:15 a.m.•172 views

CVE-2021-28089

Tor before 0.4.5.7 allows a remote participant in the Tor directory protocol to exhaust CPU resources on a target, aka TROVE-2021-001.

7.5CVSS7.2AI score0.01689EPSS

CVE•added 2021/06/29 11:15 a.m.•172 views

CVE-2021-34548

An issue was discovered in Tor before 0.4.6.5, aka TROVE-2021-003. An attacker can forge RELAY_END or RELAY_RESOLVED to bypass the intended access control for ending a stream.

7.5CVSS7.2AI score0.00159EPSS

CVE•added 2021/06/29 12:15 p.m.•172 views

CVE-2021-34550

An issue was discovered in Tor before 0.4.6.5, aka TROVE-2021-006. The v3 onion service descriptor parsing allows out-of-bounds memory access, and a client crash, via a crafted onion service descriptor

7.5CVSS7.1AI score0.00832EPSS

CVE•added 2021/06/29 12:15 p.m.•171 views

CVE-2021-34549

An issue was discovered in Tor before 0.4.6.5, aka TROVE-2021-005. Hashing is mishandled for certain retrieval of circuit data. Consequently. an attacker can trigger the use of an attacker-chosen circuit ID to cause algorithm inefficiency.

7.5CVSS7.2AI score0.00645EPSS

CVE•added 2021/08/30 5:15 a.m.•145 views

CVE-2021-38385

Tor before 0.3.5.16, 0.4.5.10, and 0.4.6.7 mishandles the relationship between batch-signature verification and single-signature verification, leading to a remote assertion failure, aka TROVE-2021-007.

7.5CVSS7.2AI score0.00468EPSS