EUVD-2026-28231
Incorrect Provision of Specified Functionality (CWE-684)
GHSA-94jg-w625-jq92
3.7
CVSS 3.1
CVSS VectorNVD
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
Low
Lifecycle Timeline
5
Patch available
May 07, 2026 - 06:16 EUVD
Analysis Generated
May 07, 2026 - 03:45 vuln.today
CVSS changed
May 07, 2026 - 02:34 NVD
3.7 (LOW)
CVE Published
May 07, 2026 - 00:56 nvd
UNKNOWN (no severity yet)
CVE Published
May 07, 2026 - 00:56 nvd
LOW 3.7
DescriptionNVD
Tor before 0.4.9.7 has an out-of-bounds read when an END, a TRUNCATE, or a TRUNCATED cell lacks a reason in its payload, aka TROVE-2026-011.
AnalysisAI
Out-of-bounds read in Tor before version 0.4.9.7 occurs when END, TRUNCATE, or TRUNCATED cells lack a reason field in their payload, allowing remote unauthenticated attackers to trigger a denial of service condition. The vulnerability requires high attack complexity and results in availability impact only. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Share
External POC / Exploit Code
Leaving vuln.today
Destination URL
POC code from unknown sources may be malicious, contain backdoors, or be fake.
Always review and test exploit code in a safe, isolated environment (VM/sandbox).
Verify the source reputation and cross-reference with known databases (Exploit-DB, GitHub Security).