Vulnerability Details CVE-2017-0377
Tor 0.3.x before 0.3.0.9 has a guard-selection algorithm that only considers the exit relay (not the exit relay's family), which might allow remote attackers to defeat intended anonymity properties by leveraging the existence of large families.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 63.9%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
- https://blog.torproject.org/blog/tor-0309-released-security-update-clients
- https://blog.torproject.org/blog/tor-0314-alpha-released-security-update-clients
- https://github.com/torproject/tor/commit/665baf5ed5c6186d973c46cdea165c0548027350
- https://security-tracker.debian.org/CVE-2017-0377
- https://trac.torproject.org/projects/tor/ticket/22753
- https://blog.torproject.org/blog/tor-0309-released-security-update-clients
- https://blog.torproject.org/blog/tor-0314-alpha-released-security-update-clients
- https://github.com/torproject/tor/commit/665baf5ed5c6186d973c46cdea165c0548027350
- https://security-tracker.debian.org/CVE-2017-0377
- https://trac.torproject.org/projects/tor/ticket/22753
Products affected by CVE-2017-0377
-
cpe:2.3:a:torproject:tor:0.3.0.1
-
cpe:2.3:a:torproject:tor:0.3.0.2
-
cpe:2.3:a:torproject:tor:0.3.0.3
-
cpe:2.3:a:torproject:tor:0.3.0.4
-
cpe:2.3:a:torproject:tor:0.3.0.5
-
cpe:2.3:a:torproject:tor:0.3.0.6
-
cpe:2.3:a:torproject:tor:0.3.0.7
-
cpe:2.3:a:torproject:tor:0.3.0.8