7.5
CVE-2017-0377
- EPSS 2.45%
- Veröffentlicht 02.07.2017 15:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
- Quelle security@debian.org
- CVE-Watchlists
- Unerledigt
Tor 0.3.x before 0.3.0.9 has a guard-selection algorithm that only considers the exit relay (not the exit relay's family), which might allow remote attackers to defeat intended anonymity properties by leveraging the existence of large families.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Torproject ≫ Tor Version0.3.0.1 Updatealpha
Torproject ≫ Tor Version0.3.0.2 Updatealpha
Torproject ≫ Tor Version0.3.0.3 Updatealpha
Torproject ≫ Tor Version0.3.0.4
Torproject ≫ Tor Version0.3.0.5
Torproject ≫ Tor Version0.3.0.6
Torproject ≫ Tor Version0.3.0.7
Torproject ≫ Tor Version0.3.0.8
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.45% | 0.822 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:P/I:N/A:N
|
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
https://blog.torproject.org/blog/tor-0309-released-security-update-clients
https://blog.torproject.org/blog/tor-0314-alpha-released-security-update-clients
https://github.com/torproject/tor/commit/665baf5ed5c6186d973c46cdea165c0548027350
https://security-tracker.debian.org/CVE-2017-0377
https://trac.torproject.org/projects/tor/ticket/22753