High severity7.5NVD Advisory· Published Aug 30, 2021· Updated Jun 17, 2026
CVE-2021-38385
CVE-2021-38385
Description
Tor before 0.3.5.16, 0.4.5.10, and 0.4.6.7 mishandles the relationship between batch-signature verification and single-signature verification, leading to a remote assertion failure, aka TROVE-2021-007.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
7- Tor/Tordescription
- Range: <0.3.5.16, <0.4.5.10, <0.4.6.7
- osv-coords5 versionspkg:rpm/opensuse/tor&distro=openSUSE%20Leap%2015.2pkg:rpm/opensuse/tor&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/tor&distro=openSUSE%20Tumbleweedpkg:rpm/suse/tor&distro=SUSE%20Package%20Hub%2015%20SP2pkg:rpm/suse/tor&distro=SUSE%20Package%20Hub%2015%20SP3
< 0.4.6.7-lp152.2.15.1+ 4 more
- (no CPE)range: < 0.4.6.7-lp152.2.15.1
- (no CPE)range: < 0.4.6.7-bp153.2.6.1
- (no CPE)range: < 0.4.6.7-2.2
- (no CPE)range: < 0.4.6.7-bp152.2.15.1
- (no CPE)range: < 0.4.6.7-bp153.2.6.1
Patches
Vulnerability mechanics
References
4- bugs.torproject.org/tpo/core/tor/40078nvdExploitIssue TrackingVendor Advisory
- blog.torproject.orgnvdRelease NotesVendor Advisory
- blog.torproject.org/node/2062nvdRelease NotesVendor Advisory
- security.gentoo.org/glsa/202305-11nvd
News mentions
0No linked articles in our index yet.