CVE-2021-46702

EPSS 0.13%
Veröffentlicht 26.02.2022 03:15:07
Zuletzt bearbeitet 21.11.2024 06:34:35
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Tor Browser 9.0.7 on Windows 10 build 10586 is vulnerable to information disclosure. This could allow local attackers to bypass the intended anonymity feature and obtain information regarding the onion services visited by a local user. This can be accomplished by analyzing RAM memory even several hours after the local user used the product. This occurs because the product doesn't properly free memory.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Torproject ≫ Tor Version9.0.7

Microsoft ≫ Windows Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.13%	0.285

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	2.1	3.9	2.9	AV:L/AC:L/Au:N/C:P/I:N/A:N

CWE-404 Improper Resource Shutdown or Release

The product does not release or incorrectly releases a resource before it is made available for re-use.

https://www.sciencedirect.com/science/article/pii/S0167404821001358

Third Party Advisory

Technical Description

https://nvd.nist.gov/vuln/detail/CVE-2021-46702

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-46702

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-46702

EUVD