CVE-2017-8819
Description
In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, the replay-cache protection mechanism is ineffective for v2 onion services, aka TROVE-2017-009. An attacker can send many INTRODUCE2 cells to trigger this issue.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
The replay-cache in Tor's v2 onion services is ineffective, allowing an attacker to replay INTRODUCE2 cells and degrade anonymity.
Vulnerability
In Tor versions before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, the replay-cache protection mechanism for v2 onion services is ineffective [1]. Replayed INTRODUCE2 cells are supposed to be uniquely identified and rejected, but the cache fails to detect duplicates, so an attacker can send many of them. The issue is tracked as TROVE-2017-009 [1].
Exploitation
An attacker does not require any special privileges or authentication beyond being able to communicate with the Tor network. The attacker sends multiple INTRODUCE2 cells to a v2 onion service's introduction point. Because the replay cache is ineffective, these duplicate cells are processed, potentially causing the service to build multiple circuits to the attacker's rendezvous point. The attack requires no user interaction on the victim's part and can be executed from any position on the network that can relay cells to the introduction point [1].
Impact
Successful exploitation of this vulnerability allows an attacker to degrade the anonymity of v2 onion services. By replaying INTRODUCE2 cells, an attacker can cause the onion service to create multiple rendezvous circuits, which can be used for traffic confirmation attacks or to link the service to its introduction point [1]. The attack does not directly lead to remote code execution or data disclosure, but it undermines the security guarantees of Tor's hidden service protocol.
Mitigation
The vulnerability is fixed in Tor versions 0.2.5.16, 0.2.8.17, 0.2.9.14, 0.3.0.13, and 0.3.1.9, which were released on December 1, 2017 [1]. All users should upgrade to one of these patched releases, or to 0.3.2.6-alpha. No workaround exists for unpatched versions. The Tor Project has not listed this CVE on the Known Exploited Vulnerabilities (KEV) catalog as of this writing.
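The following check is an added example, not code from the Tor Project or from this page's references. It classifies a Tor version string against the affected ranges given in the description above. The function name and the sample strings are constructed for illustration, and releases later than the 0.3.1 series are reported as outside the listed ranges rather than judged.

```python
import re

# Fixed release per series, taken from the description above.
FIXED = {
    (0, 2, 5): 16,
    (0, 2, 8): 17,
    (0, 2, 9): 14,
    (0, 3, 0): 13,
    (0, 3, 1): 9,
}
# Series the description lists as affected with no fixed release of their own.
NO_FIX_SERIES = {(0, 2, 6), (0, 2, 7)}

VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)")


def classify_tor_version(text):
    """Return 'affected', 'fixed', 'not-listed' or 'unparsed' for CVE-2017-8819.

    `text` may be a bare version or a banner line that contains one. Status
    tags such as -alpha are ignored (assumption: the four-part number alone
    decides, since every range on the page is bounded by a plain release).
    """
    m = VERSION_RE.search(text)
    if not m:
        return "unparsed"
    major, minor, micro, patch = (int(g) for g in m.groups())
    series = (major, minor, micro)
    if series < (0, 2, 5) or series in NO_FIX_SERIES:
        return "affected"          # "before 0.2.5.16", "0.2.6 through 0.2.8"
    if series in FIXED:
        return "affected" if patch < FIXED[series] else "fixed"
    return "not-listed"            # later than 0.3.1: outside the listed ranges


if __name__ == "__main__":
    # Constructed sample inputs, not output captured from real hosts.
    for sample in ("Tor version 0.2.9.13.", "0.2.7.6", "0.3.1.9",
                   "Tor version 0.3.0.10 (git-placeholder).", "0.3.2.6-alpha"):
        print(f"{sample!r:45} {classify_tor_version(sample)}")
```

The 0.2.6 and 0.2.7 series have no patched release of their own in the list, so hosts on those series need to move to a newer series instead of a point update.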
AI Insight generated on May 22, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
- osv-coords (2 versions)
- (no CPE) range: < 0.4.6.7-2.2
- (no CPE) range: < 0.3.1.9-8.1
References
- blog.torproject.org/new-stable-tor-releases-security-fixes-0319-03013-02914-02817-02516 (nvd, Vendor Advisory)
- bugs.torproject.org/24244 (nvd, Vendor Advisory)
- www.debian.org/security/2017/dsa-4054 (nvd, Third Party Advisory)