Tor: >> Tor >> 0.1.2.1_alpha-cvs Security Vulnerabilities
Heap-based buffer overflow in Tor before 0.2.1.28 and 0.2.2.x before 0.2.2.20-alpha allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via unspecified vectors.
CVSS Score
10.0
EPSS Score
0.105
Published
2010-12-22
Tor before 0.2.1.22, and 0.2.2.x before 0.2.2.7-alpha, uses deprecated identity keys for certain directory authorities, which makes it easier for man-in-the-middle attackers to compromise the anonymity of traffic sources and destinations.
CVSS Score
5.0
EPSS Score
0.005
Published
2010-01-25
Tor before 0.2.1.22, and 0.2.2.x before 0.2.2.7-alpha, when functioning as a bridge directory authority, allows remote attackers to obtain sensitive information about bridge identities and bridge descriptors via a dbg-stability.txt directory query.
CVSS Score
5.0
EPSS Score
0.004
Published
2010-01-25
The connection_edge_process_relay_cell_not_open function in src/or/relay.c in Tor 0.2.x before 0.2.0.35 and 0.1.x before 0.1.2.8-beta allows exit relays to have an unspecified impact by causing controllers to accept DNS responses that redirect to an internal IP address via unknown vectors. NOTE: some of these details are obtained from third party information.
CVSS Score
5.0
EPSS Score
0.007
Published
2009-07-10
Unspecified vulnerability in Tor before 0.2.0.33 has unspecified impact and remote attack vectors that trigger heap corruption.
CVSS Score
10.0
EPSS Score
0.012
Published
2009-02-03
Tor before 0.2.0.32 does not properly process the (1) User and (2) Group configuration options, which might allow local users to gain privileges by leveraging unintended supplementary group memberships of the Tor process.
CVSS Score
7.2
EPSS Score
0.0
Published
2008-12-09
Tor before 0.2.0.32 does not properly process the ClientDNSRejectInternalAddresses configuration option in situations where an exit relay issues a policy-based refusal of a stream, which allows remote exit relays to have an unknown impact by mapping an internal IP address to the destination hostname of a refused stream.
CVSS Score
9.3
EPSS Score
0.008
Published
2008-12-09
Buffer overflow in Tor before 0.1.2.15, when using BSD natd support, allows remote attackers to cause a denial of service via unspecified vectors.
CVSS Score
5.8
EPSS Score
0.009
Published
2007-07-30
Tor before 0.1.2.15 sends "destroy cells" containing the reason for tearing down a circuit, which allows remote attackers to obtain sensitive information, contrary to specifications.
CVSS Score
6.4
EPSS Score
0.008
Published
2007-07-30
Tor before 0.1.2.15 does not properly distinguish "streamids from different exits," which might allow remote attackers with control over Tor routers to inject cells into arbitrary streams.
CVSS Score
5.8
EPSS Score
0.008
Published
2007-07-30
Page 1