VYPR

Tor

by Torproject

Source repositories

CVEs (42)

  • CVE-2017-8823HigDec 3, 2017
    risk 0.53cvss 8.1epss 0.02

    In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, there is a use-after-free in onion service v2 during intro-point expiration because the expiring list is mismanaged in certain error cases, aka…

  • CVE-2017-8821HigDec 3, 2017
    risk 0.49cvss 7.5epss 0.02

    In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, an attacker can cause a denial of service (application hang) via crafted PEM input that signifies a public key requiring a password, which…

  • CVE-2017-8820HigDec 3, 2017
    risk 0.49cvss 7.5epss 0.02

    In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, remote attackers can cause a denial of service (NULL pointer dereference and application crash) against directory authorities via a malformed…

  • CVE-2017-8819HigDec 3, 2017
    risk 0.49cvss 7.5epss 0.01

    In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, the replay-cache protection mechanism is ineffective for v2 onion services, aka TROVE-2017-009. An attacker can send many INTRODUCE2 cells to…

  • CVE-2017-0377HigJul 2, 2017
    risk 0.49cvss 7.5epss 0.02

    Tor 0.3.x before 0.3.0.9 has a guard-selection algorithm that only considers the exit relay (not the exit relay's family), which might allow remote attackers to defeat intended anonymity properties by leveraging the existence of large families.

  • CVE-2017-0376HigJun 9, 2017
    risk 0.49cvss 7.5epss 0.02

    The hidden-service feature in Tor before 0.3.0.8 allows a denial of service (assertion failure and daemon exit) in the connection_edge_process_relay_cell function via a BEGIN_DIR cell on a rendezvous circuit.

  • CVE-2017-0375HigJun 9, 2017
    risk 0.49cvss 7.5epss 0.03

    The hidden-service feature in Tor before 0.3.0.8 allows a denial of service (assertion failure and daemon exit) in the relay_send_end_cell_from_edge_ function via a malformed BEGIN cell.

  • CVE-2016-8860HigJan 4, 2017
    risk 0.49cvss 7.5epss 0.02

    Tor before 0.2.8.9 and 0.2.9.x before 0.2.9.4-alpha had internal functions that were entitled to expect that buf_t data had NUL termination, but the implementation of or/buffers.c did not ensure that NUL termination was present, which allows remote attackers to cause a denial of…

  • CVE-2017-16541MedNov 4, 2017
    risk 0.43cvss 6.5epss 0.04

    Tor Browser before 7.0.9 on macOS and Linux allows remote attackers to bypass the intended anonymity feature and discover a client IP address via vectors involving a crafted web site that leverages file:// mishandling in Firefox, aka TorMoil. NOTE: Tails is unaffected.

  • CVE-2016-1254HigDec 5, 2017
    risk 0.42cvss 7.5epss 0.03

    Tor before 0.2.8.12 might allow remote attackers to cause a denial of service (client crash) via a crafted hidden service descriptor.

  • CVE-2017-0380MedSep 18, 2017
    risk 0.38cvss 5.9epss 0.02

    The rend_service_intro_established function in or/rendservice.c in Tor before 0.2.8.15, 0.2.9.x before 0.2.9.12, 0.3.0.x before 0.3.0.11, 0.3.1.x before 0.3.1.7, and 0.3.2.x before 0.3.2.1-alpha, when SafeLogging is disabled, allows attackers to obtain sensitive information by…

  • CVE-2026-44603LowMay 7, 2026
    risk 0.24cvss 3.7epss 0.00

    Tor before 0.4.9.7 has an out-of-bounds read by one byte via a malformed BEGIN cell, aka TROVE-2026-007.

  • CVE-2026-44602LowMay 7, 2026
    risk 0.24cvss 3.7epss 0.00

    Tor before 0.4.9.7 has a NULL pointer dereference when a CERT cell is received out of order, aka TROVE-2026-006.

  • CVE-2026-44601LowMay 7, 2026
    risk 0.24cvss 3.7epss 0.00

    Tor before 0.4.9.7, when circuit queue memory pressure exists, can experience a client crash because of a double close of a circuit, aka TROVE-2026-009.

  • CVE-2026-44600LowMay 7, 2026
    risk 0.24cvss 3.7epss 0.00

    Tor before 0.4.9.7 mishandles accounting of the conflux out-of-order queue during the clearing of a queue, aka TROVE-2026-010.

  • CVE-2026-44599LowMay 7, 2026
    risk 0.24cvss 3.7epss 0.00

    Tor before 0.4.9.7 can attempt or accept BEGIN_DIR via conflux legs, aka TROVE-2026-008.

  • CVE-2026-44597LowMay 7, 2026
    risk 0.24cvss 3.7epss 0.00

    Tor before 0.4.9.7 has an out-of-bounds read when an END, a TRUNCATE, or a TRUNCATED cell lacks a reason in its payload, aka TROVE-2026-011.

  • CVE-2017-8822LowDec 3, 2017
    risk 0.24cvss 3.7epss 0.01

    In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, relays (that have incompletely downloaded descriptors) can pick themselves in a circuit path, leading to a degradation of anonymity, aka…

  • CVE-2015-2688Jan 24, 2020
    risk 0.00cvss epss 0.02

    buf_pullup in Tor before 0.2.4.26 and 0.2.5.x before 0.2.5.11 does not properly handle unexpected arrival times of buffers with invalid layouts, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via crafted packets.

  • CVE-2015-2689Jan 24, 2020
    risk 0.00cvss epss 0.02

    Tor before 0.2.4.26 and 0.2.5.x before 0.2.5.11 does not properly handle pending-connection resolve states during periods of high DNS load, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via crafted packets.

Page 1 of 3