High severity7.5NVD Advisory· Published Jul 2, 2017· Updated Jun 17, 2026
CVE-2017-0377
CVE-2017-0377
Description
Tor 0.3.x before 0.3.0.9 has a guard-selection algorithm that only considers the exit relay (not the exit relay's family), which might allow remote attackers to defeat intended anonymity properties by leveraging the existence of large families.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
10cpe:2.3:a:torproject:tor:0.3.0.1:alpha:*:*:*:*:*:*+ 8 more
- cpe:2.3:a:torproject:tor:0.3.0.1:alpha:*:*:*:*:*:*
- cpe:2.3:a:torproject:tor:0.3.0.2:alpha:*:*:*:*:*:*
- cpe:2.3:a:torproject:tor:0.3.0.3:alpha:*:*:*:*:*:*
- cpe:2.3:a:torproject:tor:0.3.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:torproject:tor:0.3.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:torproject:tor:0.3.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:torproject:tor:0.3.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:torproject:tor:0.3.0.8:*:*:*:*:*:*:*
- (no CPE)range: <0.3.0.9
Patches
Vulnerability mechanics
References
5- github.com/torproject/tor/commit/665baf5ed5c6186d973c46cdea165c0548027350nvdPatchThird Party Advisory
- blog.torproject.org/blog/tor-0309-released-security-update-clientsnvdRelease NotesVendor Advisory
- blog.torproject.org/blog/tor-0314-alpha-released-security-update-clientsnvdRelease NotesVendor Advisory
- security-tracker.debian.org/CVE-2017-0377nvdThird Party Advisory
- trac.torproject.org/projects/tor/ticket/22753nvdIssue TrackingVendor Advisory
News mentions
0No linked articles in our index yet.