High severity7.5NVD Advisory· Published Jul 2, 2017· Updated May 13, 2026

CVE-2017-0377

Description

Tor 0.3.x before 0.3.0.9 has a guard-selection algorithm that only considers the exit relay (not the exit relay's family), which might allow remote attackers to defeat intended anonymity properties by leveraging the existence of large families.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/torproject/tor/commit/665baf5ed5c6186d973c46cdea165c0548027350nvdPatchThird Party Advisory
blog.torproject.org/blog/tor-0309-released-security-update-clientsnvdRelease NotesVendor Advisory
blog.torproject.org/blog/tor-0314-alpha-released-security-update-clientsnvdRelease NotesVendor Advisory
security-tracker.debian.org/CVE-2017-0377nvdThird Party Advisory
trac.torproject.org/projects/tor/ticket/22753nvdIssue TrackingVendor Advisory

News mentions

No linked articles in our index yet.

cvss	0.488
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000