Unrated severityNVD Advisory· Published Aug 30, 2021· Updated Aug 4, 2024
CVE-2021-38385
CVE-2021-38385
Description
Tor before 0.3.5.16, 0.4.5.10, and 0.4.6.7 mishandles the relationship between batch-signature verification and single-signature verification, leading to a remote assertion failure, aka TROVE-2021-007.
Affected products
6- Tor/Tordescription
- osv-coords5 versionspkg:rpm/opensuse/tor&distro=openSUSE%20Leap%2015.2pkg:rpm/opensuse/tor&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/tor&distro=openSUSE%20Tumbleweedpkg:rpm/suse/tor&distro=SUSE%20Package%20Hub%2015%20SP2pkg:rpm/suse/tor&distro=SUSE%20Package%20Hub%2015%20SP3
< 0.4.6.7-lp152.2.15.1+ 4 more
- (no CPE)range: < 0.4.6.7-lp152.2.15.1
- (no CPE)range: < 0.4.6.7-bp153.2.6.1
- (no CPE)range: < 0.4.6.7-2.2
- (no CPE)range: < 0.4.6.7-bp152.2.15.1
- (no CPE)range: < 0.4.6.7-bp153.2.6.1
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
4- security.gentoo.org/glsa/202305-11mitrevendor-advisory
- blog.torproject.orgmitre
- blog.torproject.org/node/2062mitre
- bugs.torproject.org/tpo/core/tor/40078mitre
News mentions
0No linked articles in our index yet.