Shodan
Vulnerabilities
Vulnerable Software
Torproject:  >> Tor  Security Vulnerabilities
CVE-2026-44601
Tor before 0.4.9.7, when circuit queue memory pressure exists, can experience a client crash because of a double close of a circuit, aka TROVE-2026-009.
CVSS Score
3.7
EPSS Score
0.003
Published
2026-05-07
CVE-2026-44602
Tor before 0.4.9.7 has a NULL pointer dereference when a CERT cell is received out of order, aka TROVE-2026-006.
CVSS Score
3.7
EPSS Score
0.003
Published
2026-05-07
CVE-2026-44603
Tor before 0.4.9.7 has an out-of-bounds read by one byte via a malformed BEGIN cell, aka TROVE-2026-007.
CVSS Score
3.7
EPSS Score
0.003
Published
2026-05-07
CVE-2026-44600
Tor before 0.4.9.7 mishandles accounting of the conflux out-of-order queue during the clearing of a queue, aka TROVE-2026-010.
CVSS Score
3.7
EPSS Score
0.004
Published
2026-05-07
CVE-2026-44599
Tor before 0.4.9.7 can attempt or accept BEGIN_DIR via conflux legs, aka TROVE-2026-008.
CVSS Score
3.7
EPSS Score
0.003
Published
2026-05-07
CVE-2026-44597
Tor before 0.4.9.7 has an out-of-bounds read when an END, a TRUNCATE, or a TRUNCATED cell lacks a reason in its payload, aka TROVE-2026-011.
CVSS Score
3.7
EPSS Score
0.004
Published
2026-05-07
CVE-2023-23589
The SafeSocks option in Tor before 0.4.7.13 has a logic error in which the unsafe SOCKS4 protocol can be used but not the safe SOCKS4a protocol, aka TROVE-2022-002.
CVSS Score
6.5
EPSS Score
0.008
Published
2023-01-14
CVE-2022-33903
Tor 0.4.7.x before 0.4.7.8 allows a denial of service via the wedging of RTT estimation.
CVSS Score
7.5
EPSS Score
0.011
Published
2022-07-17
CVE-2021-46702
Tor Browser 9.0.7 on Windows 10 build 10586 is vulnerable to information disclosure. This could allow local attackers to bypass the intended anonymity feature and obtain information regarding the onion services visited by a local user. This can be accomplished by analyzing RAM memory even several hours after the local user used the product. This occurs because the product doesn't properly free memory.
CVSS Score
5.5
EPSS Score
0.004
Published
2022-02-26
CVE-2021-38385
Tor before 0.3.5.16, 0.4.5.10, and 0.4.6.7 mishandles the relationship between batch-signature verification and single-signature verification, leading to a remote assertion failure, aka TROVE-2021-007.
CVSS Score
7.5
EPSS Score
0.017
Published
2021-08-30


Products
Pricing
Contact Us

Shodan ® - All rights reserved