Medium severity5.9NVD Advisory· Published Sep 18, 2017· Updated May 13, 2026

CVE-2017-0380

Description

The rend_service_intro_established function in or/rendservice.c in Tor before 0.2.8.15, 0.2.9.x before 0.2.9.12, 0.3.0.x before 0.3.0.11, 0.3.1.x before 0.3.1.7, and 0.3.2.x before 0.3.2.1-alpha, when SafeLogging is disabled, allows attackers to obtain sensitive information by leveraging access to the log files of a hidden service, because uninitialized stack data is included in an error message about construction of an introduction point circuit.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/torproject/tor/commit/09ea89764a4d3a907808ed7d4fe42abfe64bd486nvdPatchThird Party Advisory
trac.torproject.org/projects/tor/ticket/23490nvdMitigationPatchVendor Advisory
www.debian.org/security/2017/dsa-3993nvd
www.securitytracker.com/id/1039519nvd

News mentions

No linked articles in our index yet.

cvss	0.384
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000