Skip to main content

Tor

44 CVEs product

Monthly

CVE-2026-44603 LOW PATCH Monitor

Out-of-bounds read by one byte in Tor before version 0.4.9.7 when processing malformed BEGIN cells allows remote unauthenticated attackers to cause a denial of service through information disclosure. The vulnerability has a low CVSS impact score (3.7) due to high attack complexity and limited availability impact, though the exact exploitation mechanics require Tor relay configuration and a specially crafted cell.

Buffer Overflow Tor
NVD VulDB
CVSS 3.1
3.7
EPSS
0.0%
CVE-2026-44602 LOW PATCH Monitor

Tor before version 0.4.9.7 crashes due to a NULL pointer dereference when CERT cells are received out of order, causing denial of service against relay nodes and clients. Remote unauthenticated attackers on the network can trigger this crash by sending malformed cell sequences, disabling affected Tor instances. No active exploitation confirmed, but the vulnerability affects core protocol handling in all affected versions.

Denial Of Service Null Pointer Dereference Tor
NVD VulDB
CVSS 3.1
3.7
EPSS
0.0%
CVE-2026-44601 LOW PATCH Monitor

Tor before version 0.4.9.7 can crash due to a double-close vulnerability in circuit handling when memory pressure conditions exist on the circuit queue, resulting in denial of service to affected clients. The vulnerability requires specific network conditions (high circuit queue load) to trigger but affects all Tor clients running vulnerable versions. A patch is available in Tor 0.4.9.7 and later.

Denial Of Service Tor
NVD VulDB
CVSS 3.1
3.7
EPSS
0.0%
CVE-2026-44600 LOW PATCH Monitor

Tor before version 0.4.9.7 mishandles memory accounting in the conflux out-of-order queue during queue clearing operations, leading to a denial-of-service condition through resource exhaustion. Unauthenticated remote attackers can exploit this via network-level packet manipulation to trigger improper queue state management, causing availability degradation on affected Tor relays and clients. The vulnerability has a low severity CVSS score (3.7) due to attack complexity and availability-only impact, with no confirmed active exploitation at time of analysis.

Information Disclosure Tor
NVD VulDB
CVSS 3.1
3.7
EPSS
0.0%
CVE-2026-44599 LOW PATCH Monitor

Tor before version 0.4.9.7 can incorrectly attempt or accept BEGIN_DIR cells over conflux legs, a Tor relay multiplexing feature, enabling potential integrity violations in circuit construction. The vulnerability has a CVSS score of 3.7 (low severity) with impact limited to integrity rather than confidentiality or availability. No public exploit code or active exploitation has been identified at the time of analysis.

Information Disclosure Tor
NVD VulDB
CVSS 3.1
3.7
EPSS
0.0%
CVE-2026-44597 LOW PATCH Monitor

Out-of-bounds read in Tor before version 0.4.9.7 occurs when END, TRUNCATE, or TRUNCATED cells lack a reason field in their payload, allowing remote unauthenticated attackers to trigger a denial of service condition. The vulnerability requires high attack complexity and results in availability impact only. CVSS score is 3.7 with no active exploitation (KEV) or public exploit code confirmed at time of analysis.

Buffer Overflow Tor
NVD VulDB
CVSS 3.1
3.7
EPSS
0.0%
CVE-2023-23589 MEDIUM POC PATCH This Month

The SafeSocks option in Tor before 0.4.7.13 has a logic error in which the unsafe SOCKS4 protocol can be used but not the safe SOCKS4a protocol, aka TROVE-2022-002. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Tor Debian Linux Fedora
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-33903 HIGH PATCH This Week

Tor 0.4.7.x before 0.4.7.8 allows a denial of service via the wedging of RTT estimation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Tor
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2021-38385 HIGH POC This Week

Tor before 0.3.5.16, 0.4.5.10, and 0.4.6.7 mishandles the relationship between batch-signature verification and single-signature verification, leading to a remote assertion failure, aka. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Tor
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2021-34550 HIGH This Week

An issue was discovered in Tor before 0.4.6.5, aka TROVE-2021-006. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Tor
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2021-34549 HIGH This Week

An issue was discovered in Tor before 0.4.6.5, aka TROVE-2021-005. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Tor
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2021-34548 HIGH This Week

An issue was discovered in Tor before 0.4.6.5, aka TROVE-2021-003. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Tor
NVD
CVSS 3.1
7.5
EPSS
2.7%
CVE-2021-28090 MEDIUM This Month

Tor before 0.4.5.7 allows a remote attacker to cause Tor directory authorities to exit with an assertion failure, aka TROVE-2021-002. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Tor Fedora
NVD
CVSS 3.1
5.3
EPSS
2.1%
CVE-2021-28089 HIGH This Week

Tor before 0.4.5.7 allows a remote participant in the Tor directory protocol to exhaust CPU resources on a target, aka TROVE-2021-001. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Tor Fedora
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2020-15572 HIGH This Week

Tor before 0.4.3.6 has an out-of-bounds memory access that allows a remote denial-of-service (crash) attack against Tor instances built to use Mozilla Network Security Services (NSS), aka. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Mozilla Information Disclosure Tor
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2020-10593 HIGH This Week

Tor before 0.3.5.10, 0.4.x before 0.4.1.9, and 0.4.2.x before 0.4.2.7 allows remote attackers to cause a Denial of Service (memory leak), aka TROVE-2020-004. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Tor Backports Sle Leap
NVD
CVSS 3.1
7.5
EPSS
2.3%
CVE-2020-10592 HIGH This Week

Tor before 0.3.5.10, 0.4.x before 0.4.1.9, and 0.4.2.x before 0.4.2.7 allows remote attackers to cause a Denial of Service (CPU consumption), aka TROVE-2020-002. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Tor Backports Leap
NVD
CVSS 3.1
7.5
EPSS
3.1%
CVE-2020-8516 MEDIUM POC This Month

The daemon in Tor through 0.4.1.8 and 0.4.2.x through 0.4.2.6 does not verify that a rendezvous node is known before attempting to connect to it, which might make it easier for remote attackers to. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Tor
NVD
CVSS 3.1
5.3
EPSS
2.5%
CVE-2019-8955 HIGH This Week

In Tor before 0.3.3.12, 0.3.4.x before 0.3.4.11, 0.3.5.x before 0.3.5.8, and 0.4.x before 0.4.0.2-alpha, remote denial of service against Tor clients and relays can occur via memory exhaustion in the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Tor
NVD
CVSS 3.0
7.5
EPSS
4.6%
CVE-2018-0491 HIGH POC PATCH THREAT This Week

A use-after-free issue was discovered in Tor 0.3.2.x before 0.3.2.10. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Denial Of Service Use After Free Tor
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
15.1%
CVE-2018-0490 HIGH This Week

An issue was discovered in Tor before 0.2.9.15, 0.3.1.x before 0.3.1.10, and 0.3.2.x before 0.3.2.10. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Tor Debian Linux
NVD
CVSS 3.0
7.5
EPSS
2.7%
CVE-2016-1254 HIGH PATCH This Week

Tor before 0.2.8.12 might allow remote attackers to cause a denial of service (client crash) via a crafted hidden service descriptor. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Denial Of Service Tor Debian Linux Fedora +2
NVD
CVSS 3.0
7.5
EPSS
3.0%
CVE-2017-8823 HIGH This Week

In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, there is a use-after-free in onion service v2 during intro-point. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Memory Corruption Use After Free Information Disclosure Tor Debian Linux
NVD
CVSS 3.0
8.1
EPSS
0.4%
CVE-2017-8822 LOW Monitor

In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, relays (that have incompletely downloaded descriptors) can pick. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Tor Debian Linux
NVD
CVSS 3.0
3.7
EPSS
0.2%
CVE-2017-8821 HIGH This Week

In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, an attacker can cause a denial of service (application hang) via. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service OpenSSL Tor Debian Linux
NVD
CVSS 3.0
7.5
EPSS
0.5%
CVE-2017-8820 HIGH This Week

In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, remote attackers can cause a denial of service (NULL pointer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Tor Debian Linux
NVD
CVSS 3.0
7.5
EPSS
0.4%
CVE-2017-8819 HIGH This Week

In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, the replay-cache protection mechanism is ineffective for v2 onion. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Tor Debian Linux
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2017-16541 MEDIUM POC This Month

Tor Browser before 7.0.9 on macOS and Linux allows remote attackers to bypass the intended anonymity feature and discover a client IP address via vectors involving a crafted web site that leverages. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Apple Mozilla Information Disclosure Tor Enterprise Linux Desktop +6
NVD
CVSS 3.1
6.5
EPSS
7.7%
CVE-2017-0380 MEDIUM PATCH This Month

The rend_service_intro_established function in or/rendservice.c in Tor before 0.2.8.15, 0.2.9.x before 0.2.9.12, 0.3.0.x before 0.3.0.11, 0.3.1.x before 0.3.1.7, and 0.3.2.x before 0.3.2.1-alpha,. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Tor
NVD GitHub
CVSS 3.0
5.9
EPSS
0.4%
CVE-2017-11565 HIGH This Week

debian/tor.init in the Debian tor_0.2.9.11-1~deb9u1 package for Tor was designed to execute aa-exec from the standard system pathname if the apparmor package is installed, but implements this. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Debian Authentication Bypass Tor
NVD
CVSS 3.0
7.5
EPSS
0.2%
CVE-2017-0377 HIGH PATCH This Week

Tor 0.3.x before 0.3.0.9 has a guard-selection algorithm that only considers the exit relay (not the exit relay's family), which might allow remote attackers to defeat intended anonymity properties. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Tor
NVD GitHub
CVSS 3.0
7.5
EPSS
0.5%
CVE-2017-0376 HIGH PATCH This Week

The hidden-service feature in Tor before 0.3.0.8 allows a denial of service (assertion failure and daemon exit) in the connection_edge_process_relay_cell function via a BEGIN_DIR cell on a rendezvous. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Tor Debian Linux
NVD GitHub
CVSS 3.0
7.5
EPSS
0.8%
CVE-2017-0375 HIGH PATCH This Week

The hidden-service feature in Tor before 0.3.0.8 allows a denial of service (assertion failure and daemon exit) in the relay_send_end_cell_from_edge_ function via a malformed BEGIN cell. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Tor
NVD GitHub
CVSS 3.0
7.5
EPSS
1.4%
CVE-2016-8860 HIGH PATCH This Week

Tor before 0.2.8.9 and 0.2.9.x before 0.2.9.4-alpha had internal functions that were entitled to expect that buf_t data had NUL termination, but the implementation of or/buffers.c did not ensure that. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Denial Of Service Buffer Overflow Tor
NVD GitHub
CVSS 3.0
7.5
EPSS
2.7%
CVE-2014-5117 MEDIUM This Month

Tor before 0.2.4.23 and 0.2.5 before 0.2.5.6-alpha maintains a circuit after an inbound RELAY_EARLY cell is received by a client, which makes it easier for remote attackers to conduct. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Tor
NVD
CVSS 2.0
5.8
EPSS
0.6%
CVE-2012-2250 MEDIUM This Month

Tor before 0.2.3.24-rc allows remote attackers to cause a denial of service (assertion failure and daemon exit) by performing link protocol negotiation incorrectly. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Tor
NVD
CVSS 2.0
5.0
EPSS
0.5%
CVE-2012-2249 MEDIUM This Month

Tor before 0.2.3.23-rc allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a renegotiation attempt that occurs after the initiation of the V3 link protocol. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Tor
NVD
CVSS 2.0
5.0
EPSS
0.5%
CVE-2013-7295 MEDIUM This Month

Tor before 0.2.4.20, when OpenSSL 1.x is used in conjunction with a certain HardwareAccel setting on Intel Sandy Bridge and Ivy Bridge platforms, does not properly generate random numbers for (1). Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable. No vendor patch available.

OpenSSL Intel Authentication Bypass Tor
NVD
CVSS 2.0
4.0
EPSS
0.2%
CVE-2012-5573 MEDIUM PATCH This Month

The connection_edge_process_relay_cell function in or/relay.c in Tor before 0.2.3.25 maintains circuits even if an unexpected SENDME cell arrives, which might allow remote attackers to cause a denial. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Tor
NVD
CVSS 2.0
5.0
EPSS
1.0%
CVE-2012-4922 MEDIUM This Month

The tor_timegm function in common/util.c in Tor before 0.2.2.39, and 0.2.3.x before 0.2.3.22-rc, does not properly validate time values, which allows remote attackers to cause a denial of service. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Tor
NVD
CVSS 2.0
5.0
EPSS
4.2%
CVE-2012-4419 MEDIUM This Month

The compare_tor_addr_to_addr_policy function in or/policies.c in Tor before 0.2.2.39, and 0.2.3.x before 0.2.3.21-rc, allows remote attackers to cause a denial of service (assertion failure and. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Tor
NVD
CVSS 2.0
5.0
EPSS
1.6%
CVE-2012-3519 MEDIUM This Month

routerlist.c in Tor before 0.2.2.38 uses a different amount of time for relay-list iteration depending on which relay is chosen, which might allow remote attackers to obtain sensitive information. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Tor
NVD
CVSS 2.0
5.0
EPSS
0.6%
CVE-2012-3518 MEDIUM This Month

The networkstatus_parse_vote_from_string function in routerparse.c in Tor before 0.2.2.38 does not properly handle an invalid flavor name, which allows remote attackers to cause a denial of service. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Tor
NVD
CVSS 2.0
5.0
EPSS
1.5%
CVE-2012-3517 MEDIUM PATCH This Month

Use-after-free vulnerability in dns.c in Tor before 0.2.2.38 might allow remote attackers to cause a denial of service (daemon crash) via vectors related to failed DNS requests. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Tor
NVD
CVSS 2.0
5.0
EPSS
1.5%
EPSS 0% CVSS 3.7
LOW PATCH Monitor

Out-of-bounds read by one byte in Tor before version 0.4.9.7 when processing malformed BEGIN cells allows remote unauthenticated attackers to cause a denial of service through information disclosure. The vulnerability has a low CVSS impact score (3.7) due to high attack complexity and limited availability impact, though the exact exploitation mechanics require Tor relay configuration and a specially crafted cell.

Buffer Overflow Tor
NVD VulDB
EPSS 0% CVSS 3.7
LOW PATCH Monitor

Tor before version 0.4.9.7 crashes due to a NULL pointer dereference when CERT cells are received out of order, causing denial of service against relay nodes and clients. Remote unauthenticated attackers on the network can trigger this crash by sending malformed cell sequences, disabling affected Tor instances. No active exploitation confirmed, but the vulnerability affects core protocol handling in all affected versions.

Denial Of Service Null Pointer Dereference Tor
NVD VulDB
EPSS 0% CVSS 3.7
LOW PATCH Monitor

Tor before version 0.4.9.7 can crash due to a double-close vulnerability in circuit handling when memory pressure conditions exist on the circuit queue, resulting in denial of service to affected clients. The vulnerability requires specific network conditions (high circuit queue load) to trigger but affects all Tor clients running vulnerable versions. A patch is available in Tor 0.4.9.7 and later.

Denial Of Service Tor
NVD VulDB
EPSS 0% CVSS 3.7
LOW PATCH Monitor

Tor before version 0.4.9.7 mishandles memory accounting in the conflux out-of-order queue during queue clearing operations, leading to a denial-of-service condition through resource exhaustion. Unauthenticated remote attackers can exploit this via network-level packet manipulation to trigger improper queue state management, causing availability degradation on affected Tor relays and clients. The vulnerability has a low severity CVSS score (3.7) due to attack complexity and availability-only impact, with no confirmed active exploitation at time of analysis.

Information Disclosure Tor
NVD VulDB
EPSS 0% CVSS 3.7
LOW PATCH Monitor

Tor before version 0.4.9.7 can incorrectly attempt or accept BEGIN_DIR cells over conflux legs, a Tor relay multiplexing feature, enabling potential integrity violations in circuit construction. The vulnerability has a CVSS score of 3.7 (low severity) with impact limited to integrity rather than confidentiality or availability. No public exploit code or active exploitation has been identified at the time of analysis.

Information Disclosure Tor
NVD VulDB
EPSS 0% CVSS 3.7
LOW PATCH Monitor

Out-of-bounds read in Tor before version 0.4.9.7 occurs when END, TRUNCATE, or TRUNCATED cells lack a reason field in their payload, allowing remote unauthenticated attackers to trigger a denial of service condition. The vulnerability requires high attack complexity and results in availability impact only. CVSS score is 3.7 with no active exploitation (KEV) or public exploit code confirmed at time of analysis.

Buffer Overflow Tor
NVD VulDB
EPSS 1% CVSS 6.5
MEDIUM POC PATCH This Month

The SafeSocks option in Tor before 0.4.7.13 has a logic error in which the unsafe SOCKS4 protocol can be used but not the safe SOCKS4a protocol, aka TROVE-2022-002. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Tor Debian Linux +1
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Tor 0.4.7.x before 0.4.7.8 allows a denial of service via the wedging of RTT estimation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Tor
NVD
EPSS 2% CVSS 7.5
HIGH POC This Week

Tor before 0.3.5.16, 0.4.5.10, and 0.4.6.7 mishandles the relationship between batch-signature verification and single-signature verification, leading to a remote assertion failure, aka. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Tor
NVD
EPSS 2% CVSS 7.5
HIGH This Week

An issue was discovered in Tor before 0.4.6.5, aka TROVE-2021-006. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Tor
NVD
EPSS 2% CVSS 7.5
HIGH This Week

An issue was discovered in Tor before 0.4.6.5, aka TROVE-2021-005. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Tor
NVD
EPSS 3% CVSS 7.5
HIGH This Week

An issue was discovered in Tor before 0.4.6.5, aka TROVE-2021-003. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Tor
NVD
EPSS 2% CVSS 5.3
MEDIUM This Month

Tor before 0.4.5.7 allows a remote attacker to cause Tor directory authorities to exit with an assertion failure, aka TROVE-2021-002. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Tor Fedora
NVD
EPSS 2% CVSS 7.5
HIGH This Week

Tor before 0.4.5.7 allows a remote participant in the Tor directory protocol to exhaust CPU resources on a target, aka TROVE-2021-001. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Tor Fedora
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Tor before 0.4.3.6 has an out-of-bounds memory access that allows a remote denial-of-service (crash) attack against Tor instances built to use Mozilla Network Security Services (NSS), aka. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Mozilla Information Disclosure +1
NVD
EPSS 2% CVSS 7.5
HIGH This Week

Tor before 0.3.5.10, 0.4.x before 0.4.1.9, and 0.4.2.x before 0.4.2.7 allows remote attackers to cause a Denial of Service (memory leak), aka TROVE-2020-004. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Tor Backports Sle +1
NVD
EPSS 3% CVSS 7.5
HIGH This Week

Tor before 0.3.5.10, 0.4.x before 0.4.1.9, and 0.4.2.x before 0.4.2.7 allows remote attackers to cause a Denial of Service (CPU consumption), aka TROVE-2020-002. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Tor Backports +1
NVD
EPSS 2% CVSS 5.3
MEDIUM POC This Month

The daemon in Tor through 0.4.1.8 and 0.4.2.x through 0.4.2.6 does not verify that a rendezvous node is known before attempting to connect to it, which might make it easier for remote attackers to. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Tor
NVD
EPSS 5% CVSS 7.5
HIGH This Week

In Tor before 0.3.3.12, 0.3.4.x before 0.3.4.11, 0.3.5.x before 0.3.5.8, and 0.4.x before 0.4.0.2-alpha, remote denial of service against Tor clients and relays can occur via memory exhaustion in the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Tor
NVD
EPSS 15% CVSS 7.5
HIGH POC PATCH THREAT This Week

A use-after-free issue was discovered in Tor 0.3.2.x before 0.3.2.10. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Denial Of Service Use After Free +1
NVD Exploit-DB
EPSS 3% CVSS 7.5
HIGH This Week

An issue was discovered in Tor before 0.2.9.15, 0.3.1.x before 0.3.1.10, and 0.3.2.x before 0.3.2.10. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Tor +1
NVD
EPSS 3% CVSS 7.5
HIGH PATCH This Week

Tor before 0.2.8.12 might allow remote attackers to cause a denial of service (client crash) via a crafted hidden service descriptor. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Denial Of Service Tor +4
NVD
EPSS 0% CVSS 8.1
HIGH This Week

In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, there is a use-after-free in onion service v2 during intro-point. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Memory Corruption Use After Free Information Disclosure +2
NVD
EPSS 0% CVSS 3.7
LOW Monitor

In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, relays (that have incompletely downloaded descriptors) can pick. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Tor Debian Linux
NVD
EPSS 1% CVSS 7.5
HIGH This Week

In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, an attacker can cause a denial of service (application hang) via. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service OpenSSL +2
NVD
EPSS 0% CVSS 7.5
HIGH This Week

In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, remote attackers can cause a denial of service (NULL pointer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Tor +1
NVD
EPSS 0% CVSS 7.5
HIGH This Week

In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, the replay-cache protection mechanism is ineffective for v2 onion. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Tor Debian Linux
NVD
EPSS 8% CVSS 6.5
MEDIUM POC This Month

Tor Browser before 7.0.9 on macOS and Linux allows remote attackers to bypass the intended anonymity feature and discover a client IP address via vectors involving a crafted web site that leverages. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Apple Mozilla Information Disclosure +8
NVD
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

The rend_service_intro_established function in or/rendservice.c in Tor before 0.2.8.15, 0.2.9.x before 0.2.9.12, 0.3.0.x before 0.3.0.11, 0.3.1.x before 0.3.1.7, and 0.3.2.x before 0.3.2.1-alpha,. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Tor
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

debian/tor.init in the Debian tor_0.2.9.11-1~deb9u1 package for Tor was designed to execute aa-exec from the standard system pathname if the apparmor package is installed, but implements this. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Debian Authentication Bypass Tor
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Tor 0.3.x before 0.3.0.9 has a guard-selection algorithm that only considers the exit relay (not the exit relay's family), which might allow remote attackers to defeat intended anonymity properties. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Tor
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

The hidden-service feature in Tor before 0.3.0.8 allows a denial of service (assertion failure and daemon exit) in the connection_edge_process_relay_cell function via a BEGIN_DIR cell on a rendezvous. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Tor Debian Linux
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

The hidden-service feature in Tor before 0.3.0.8 allows a denial of service (assertion failure and daemon exit) in the relay_send_end_cell_from_edge_ function via a malformed BEGIN cell. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Tor
NVD GitHub
EPSS 3% CVSS 7.5
HIGH PATCH This Week

Tor before 0.2.8.9 and 0.2.9.x before 0.2.9.4-alpha had internal functions that were entitled to expect that buf_t data had NUL termination, but the implementation of or/buffers.c did not ensure that. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Denial Of Service Buffer Overflow Tor
NVD GitHub
EPSS 1% CVSS 5.8
MEDIUM This Month

Tor before 0.2.4.23 and 0.2.5 before 0.2.5.6-alpha maintains a circuit after an inbound RELAY_EARLY cell is received by a client, which makes it easier for remote attackers to conduct. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Tor
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

Tor before 0.2.3.24-rc allows remote attackers to cause a denial of service (assertion failure and daemon exit) by performing link protocol negotiation incorrectly. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Tor
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

Tor before 0.2.3.23-rc allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a renegotiation attempt that occurs after the initiation of the V3 link protocol. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Tor
NVD
EPSS 0% CVSS 4.0
MEDIUM This Month

Tor before 0.2.4.20, when OpenSSL 1.x is used in conjunction with a certain HardwareAccel setting on Intel Sandy Bridge and Ivy Bridge platforms, does not properly generate random numbers for (1). Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable. No vendor patch available.

OpenSSL Intel Authentication Bypass +1
NVD
EPSS 1% CVSS 5.0
MEDIUM PATCH This Month

The connection_edge_process_relay_cell function in or/relay.c in Tor before 0.2.3.25 maintains circuits even if an unexpected SENDME cell arrives, which might allow remote attackers to cause a denial. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Tor
NVD
EPSS 4% CVSS 5.0
MEDIUM This Month

The tor_timegm function in common/util.c in Tor before 0.2.2.39, and 0.2.3.x before 0.2.3.22-rc, does not properly validate time values, which allows remote attackers to cause a denial of service. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Tor
NVD
EPSS 2% CVSS 5.0
MEDIUM This Month

The compare_tor_addr_to_addr_policy function in or/policies.c in Tor before 0.2.2.39, and 0.2.3.x before 0.2.3.21-rc, allows remote attackers to cause a denial of service (assertion failure and. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Tor
NVD
EPSS 1% CVSS 5.0
MEDIUM This Month

routerlist.c in Tor before 0.2.2.38 uses a different amount of time for relay-list iteration depending on which relay is chosen, which might allow remote attackers to obtain sensitive information. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Tor
NVD
EPSS 1% CVSS 5.0
MEDIUM This Month

The networkstatus_parse_vote_from_string function in routerparse.c in Tor before 0.2.2.38 does not properly handle an invalid flavor name, which allows remote attackers to cause a denial of service. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Tor
NVD
EPSS 1% CVSS 5.0
MEDIUM PATCH This Month

Use-after-free vulnerability in dns.c in Tor before 0.2.2.38 might allow remote attackers to cause a denial of service (daemon crash) via vectors related to failed DNS requests. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Tor
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy