Vulnerability Details CVE-2009-0939
Tor before 0.2.0.34 treats incomplete IPv4 addresses as valid, which has unknown impact and attack vectors related to "Spec conformance," as demonstrated using 192.168.0.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.007
EPSS Ranking 70.3%
CVSS Severity
CVSS v2 Score 10.0
References
- http://archives.seul.org/or/announce/Feb-2009/msg00000.html
- http://secunia.com/advisories/33880
- http://secunia.com/advisories/34583
- http://security.gentoo.org/glsa/glsa-200904-11.xml
- http://www.securityfocus.com/bid/33713
- http://archives.seul.org/or/announce/Feb-2009/msg00000.html
- http://secunia.com/advisories/33880
- http://secunia.com/advisories/34583
- http://security.gentoo.org/glsa/glsa-200904-11.xml
- http://www.securityfocus.com/bid/33713
Products affected by CVE-2009-0939
-
cpe:2.3:a:tor:tor:*
-
cpe:2.3:a:tor:tor:0.2.0.1
-
cpe:2.3:a:tor:tor:0.2.0.10
-
cpe:2.3:a:tor:tor:0.2.0.11
-
cpe:2.3:a:tor:tor:0.2.0.12
-
cpe:2.3:a:tor:tor:0.2.0.13
-
cpe:2.3:a:tor:tor:0.2.0.14
-
cpe:2.3:a:tor:tor:0.2.0.15
-
cpe:2.3:a:tor:tor:0.2.0.16
-
cpe:2.3:a:tor:tor:0.2.0.17
-
cpe:2.3:a:tor:tor:0.2.0.18
-
cpe:2.3:a:tor:tor:0.2.0.19
-
cpe:2.3:a:tor:tor:0.2.0.2
-
cpe:2.3:a:tor:tor:0.2.0.20
-
cpe:2.3:a:tor:tor:0.2.0.21
-
cpe:2.3:a:tor:tor:0.2.0.22
-
cpe:2.3:a:tor:tor:0.2.0.23
-
cpe:2.3:a:tor:tor:0.2.0.24
-
cpe:2.3:a:tor:tor:0.2.0.25
-
cpe:2.3:a:tor:tor:0.2.0.26
-
cpe:2.3:a:tor:tor:0.2.0.27
-
cpe:2.3:a:tor:tor:0.2.0.28
-
cpe:2.3:a:tor:tor:0.2.0.29
-
cpe:2.3:a:tor:tor:0.2.0.3
-
cpe:2.3:a:tor:tor:0.2.0.30
-
cpe:2.3:a:tor:tor:0.2.0.31
-
cpe:2.3:a:tor:tor:0.2.0.32
-
cpe:2.3:a:tor:tor:0.2.0.4
-
cpe:2.3:a:tor:tor:0.2.0.5
-
cpe:2.3:a:tor:tor:0.2.0.6